I would advise you to use the built in
password mechanism of the webserver.
If you are using apache: start with reading
the documentation for
That way you can easily protect all
the files in a directory.
With your solution you only protect the
front page, the pictures themselves will still
be available directly.
I just made the same mistake when constructing
my photo archive. The front page
is password-protected, but you can sill access
the images is you know the URL. (Example: Damian,
giving his talk on Quantum::Superposition is at
Brigitte 'I never met a chocolate I didnt like' Jellinek