--- Daniel Falkenberg <[EMAIL PROTECTED]> wrote:
> Hi Curtis,
>
> Yes, I have considered as much as I can about this entire project.
> Firstly...
>
> 1 - The page is transferred over SSL.

Good. Can you set it up so that it breaks if you try to send it over an insecure channel?

> 2 - The user must log in with a username and password.

Good. How difficult is the password to break? How is the password being stored? If it's encrypted or a digest is created, are you using a very difficult to guess salt? If so, where is the salt stored? It *is* a different password from what's in /etc/shadow, yes?

> 3 - Apache can be set so it only allows users from within a private
> network to access the page.

Unfortunately, I don't know enough about how this works to comment on it. Anyone else? Don't forget that many, if not most, of the corporate security breaches come from within the corporation.

> Anything else I am forgetting?

Are you using shadow passwords? That's rather important.

Cheers,
Curtis "Ovid" Poe

=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/