Password protection / Secure Login


tommisauce
07-17-2007, 01:31 PM
Hi folks,

I've trawled through various messages/replies etc. and not found anything concrete, therefore I still need to ask a question on the subject of secure logins/passwords. I have built a site in DW8 using a Mac and the client now requires 2 password protected pages. The links to the password protected pages are on the same page and the pages need to be secure as they contain sensitive financial data. I thought there was an extension dealing with this but I can't find it.

I have also checked my cPanel; however, I want a secure login, not to protect whole directories.

Can anyone help me in my search?

Many thanks in advance.

T

davidj
07-17-2007, 02:34 PM
If you want to protect sensitive financial data then you're going to need server side security. There are 2 levels of security and that is secure and not secure. It's pointless making a semi secure site. Also you mention the word Client and Secure in the same sentence along with the words... sensitive financial data. This equates to a serious lawsuit if you get it wrong.

How is your indemnity insurance?

You need to validate your security server side. So you need a scripting language like PHP. Do you know any PHP?

When you're dealing with this stuff you can't take it lightly. This is serious stuff and an extension may keep out the casual surfer but you need it to be as secure as a bank! Your client expects this.

tommisauce
07-17-2007, 03:32 PM
Thanks for the reply David.

I have used PHP before but only for an emailable contact/submit form. I have never attempted anything too serious with it.

OK, so where do I go from here?

davidj
07-17-2007, 03:39 PM
OK, if you want to take this forward and add some bling to your CV, you're first going to have to cover these:

http://www.dreamweaverclub.com/vtm/php-mysql-apache.php

Those will give you a good grounding in PHP and you can build on them. It will only take a couple of hours to go through them.

Then you have this, which is what you're after. A login tutorial:

http://www.dreamweaverclub.com/vtm/php-login-script.php

I would build on this as it's just a basic login tut.
You will need to store your passwords in an encrypted form, which we can cover together once you have done the advised homework above.

davidj
07-17-2007, 03:47 PM
Addition:...

In the tut I cover just the basic username and password.

You need to decide if this meets your requirements. Banks tend to ask a third personal question like a favorite pet's name or your mother's maiden name.

You're also going to have to decide if the user gets locked out after 3 attempts.

Does the system have an admin area where accounts can be created and deleted?

If the data is of a personal nature, are admin staff allowed to view it? This could infringe on data protection laws!
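
The two points raised in davidj's posts above, a protected stored form for passwords and a lockout after 3 attempts, shown as an added example that is not from the thread or the linked tutorial. It assumes PHP 7 or later and uses password_hash() (a salted one-way hash, not reversible encryption) as the stored form; the function names, field names, the 15-minute lock and the array standing in for the site's database are all assumptions.

```php
<?php
// Added example: server-side login check with hashed passwords and a 3-attempt lockout.
// Assumption: user records live in an array here; a real site would load and save the
// same fields (hash, failures, locked_until) in its database.

const MAX_ATTEMPTS = 3;      // lockout threshold raised in the thread
const LOCK_SECONDS = 900;    // assumed lockout duration (15 minutes)

function new_user(string $password): array {
    // password_hash() stores a salted one-way hash, never the password itself.
    return ['hash' => password_hash($password, PASSWORD_DEFAULT),
            'failures' => 0, 'locked_until' => 0];
}

function attempt_login(array &$users, string $name, string $password, int $now): string {
    // A dummy hash keeps the work similar whether or not the username exists.
    static $dummy = null;
    if ($dummy === null) { $dummy = password_hash('placeholder', PASSWORD_DEFAULT); }

    if (!isset($users[$name])) {
        password_verify($password, $dummy);
        return 'denied';
    }
    $u = &$users[$name];
    if ($u['locked_until'] > $now) {
        return 'locked';     // refuse even a correct password while locked
    }
    if (password_verify($password, $u['hash'])) {
        $u['failures'] = 0;
        return 'ok';
    }
    if (++$u['failures'] >= MAX_ATTEMPTS) {
        $u['locked_until'] = $now + LOCK_SECONDS;
        $u['failures'] = 0;
    }
    return 'denied';
}

// Constructed sample data: three wrong guesses, then the right password while locked.
$users = ['client1' => new_user('correct horse battery staple')];
$t = 1000;
foreach (['guess1', 'guess2', 'guess3', 'correct horse battery staple'] as $try) {
    echo attempt_login($users, 'client1', $try, $t++), "\n";
}
// The same password after the lock period has passed.
echo attempt_login($users, 'client1', 'correct horse battery staple', $t + LOCK_SECONDS), "\n";
```

On 'ok' the login page would call session_regenerate_id(true) and record the user in $_SESSION; each protected page then checks that session value before sending any content.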

tommisauce
07-18-2007, 10:08 AM
Hi David,

Thanks for all the info - I watched some of the PHP video - very informative. I will sit down, grab a cup of tea and watch the rest of the series.