Exactly. You just need to upload an .htaccess file and, possibly, an .htpasswd file to that directory, just as you would any other file. This assumes that your web server is running Apache and that the Apache administrator has given you the permissions to change server configs in .htaccess files. Also, the .htpasswd file can definitely be generated anywhere. It just uses the standard Unix crypt() function to generate the encrypted password, just like in a real passwd file.