Password storage security
Currently building a simple login system that I will use in a couple of servers, some which may not have database access so I am thinking about storing user accounts in a text file. The file will be protected by htaccess, and passwords will be salted and md5 encrypted. Is there anything else I can do to protect this file, I am trying to make it compatible with as many servers as possible so I may not be able to place it out of the www root. Also what possible hacks could people try to access the file?