Secure Website

From: Stephen Goehler (steve@briartek.com)
Date: 01/28/03


From: "Stephen Goehler" <steve@briartek.com>
Date: Tue, 28 Jan 2003 10:58:55 -0500

Hey guys,

Quick question. I have a website on the Internet. I want to create a
secure section of it where users can login and download files.

What is the recommended way to do this? Basic Authentication is easy, but
not really secure. Integrated Windows Authentication is more secure, but it
also requires me to give out the domain name for users to login in. Am I
better off using PHP and a database to have users login in? Another way?
What do you suggest? I can figure out how do it it (I'm not asking that),
just what direction I should go. There will be a small number of users, and
each user (about 5-10 total) after logging in would get a different
selection of files that he/she would be permitted to download.

Thanks!

Steve



Relevant Pages

  • Re: Secure Website
    ... require encryption on the directory in which your login page ... and then use any practical login method that you want. ... > not really secure. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Is .NET Passport credential traffic secure?
    ... my point is that you must FIRST establish a secure connection to ... user instead of making the login page itself secured with SSL so the ... The "Sign In" page at eBay submits the form data ... HTTPS site: Allowing the site to generate the HTML content in the page ...
    (microsoft.public.security)
  • Re: Ace Password Sniffer : How does it work ?
    ... >> Another protocol that offers same is IPSec. ... >> authentication and secure transfer of data between server and client ... >> would be pretty hard to use SSL to secure data exchanged between ... Once you are done with the secured login, ...
    (microsoft.public.security)
  • LOGIN INFO secure at wwww.americanexpress.CA?
    ... secure page which causes the lock symbol to be displayed in the status ... That is the difference which caused the login page ... even though the page itself is not https. ... of a lock in the login region. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: How do I protect my login page from prying eyes (forms authentication)?
    ... Sure, do this if you want to, but I'd rather devote time and energy to making my site secure even if someone discovers the "protected" site. ... Once it's out in the open (and if it's believed the contents are high valued, and people suspect that you've hidden the login page as a security measure), you may be *more* likely to be attacked. ... This means that when the site owner prints an invoice, the URL of this page will be shown in the footer. ...
    (microsoft.public.dotnet.framework.aspnet)