Putting it behind http authentication is cool. Don't put monitor.tcl behind the OACS permissions system. One of my favorite uses of monitor.tcl is diagnosing a web site that's in trouble. If all of your db handles are tied up by a page with a bad query, monitor.tcl relying on OACS permissions (requiring a db hit) renders the tool useless.