I am using FCKeditor, but have concerns about allowing public access to it. I currently run PHP pages which include files necessary to implament the editor. I can easily protect my pages with IIS password protection or SESSION.

However I am not 100% familiar with FCKeditor and do not want to include special SESSION checks and such on every single page..since I am uncertain to what half of them do or how secure they are.

My thought is to move the FCKeditor up from my HTTP folder so it is not accessible via the web. This would work (so I believe), but how do I allow my pages in the HTTP folder to access these?

Proposed Directory setup:
vhosts/
....mysite.com/
....cgi-bin/
....fckEditor/
....httpdocs/
.......my_safe_directory/
...........myFile.php (file that includes FCKeditor files)

Current Directory setup:
vhosts/
....mysite.com/
.......cgi-bin/
.......httpdocs/
...........fckEditor/
...........my_safe_directory/
................myFile.php (file that includes FCKeditor files)