additional security measures besides a login with user-password - what can you think of?

Posted by Tom Tom on Stack Overflow See other posts from Stack Overflow or by Tom Tom
Published on 2010-03-30T18:19:43Z Indexed on 2010/03/30 18:23 UTC
Read the original article Hit count: 483

Filed under:
|

I'm wondering which additional security measures one could take besides a traditional login with user and password.

What do you think of this one:

_manually adding a cookie to each client which includes a secret key

_this cookie is not served by the webserver, it is actually copied "by hand" to each client computer

_if a client connects to the web-app the server graps that cookie and if the containing secret key is ok, the traditional login box is presented where the user has to enter the user-password combination

_communication between client and server is encrypted with https

Thus a potential intruder would first need to get the cookie from the clients computer, which is only possible with having access to the clients computer.

This would work only for a very small user-base and an admin willing to do this manual work.

© Stack Overflow or respective owner

Related posts about server

Related posts about web-security