Posted By: Anonymous
Posted On: Tuesday, April 23, 2002 02:20 AM
The test-application consists of two pages. An admin-page that allows an administrator to alter data in a database and a user-page which displays the data. Anyone should be able to view the user-page so no security is needed for that one.
The admin-page, on the other hand, needs some sort of protection. I don't know what's available, but a username/password solution or maybe some sort of certificate.
Preferably using encryption.
A couple of features I would like to implement:
If the admin has been idle for more than X minutes he loses his clearance. If someone without clearance happens to know the URL to the admin-page he is denied access (redirected elsewhere). Passwords and usernames shouldn't be stored in plain-text.
Could you guys outline what needs to be learned and done? Where do I learn about all this stuff? Does anyone know of a good tutorial/HOWTO? Maybe a book called "Bank level security for Dummies"?