Home/ Questions/Q 4066366
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T16:07:21+00:00

I have a webapplication which id like to host online. The user logon consists

  • 0

I have a webapplication which id like to host online. The user logon consists of a hashed password which is saved in the db and verified via the code, simple but it was ok for a small office which had an onsite server.

However i dont think this will be suitable when the app is hosted online. Ive considered manually listing the client ip addresses in apache to block access from other machines.

Is there anything else i can do to make access secure? Certificates maybe?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What do you mean by “user logon consists of a hashed password”? Do you use hashed password in your session cookie? Well, anyway, this are some points to get you started:

    1. use HTTPS only (with valid certificates)
    2. don’t use shared hosting (use VPS if you must)
    3. store salted hashes of passwords in your database
    4. if the db is not on localhost, use only encrypted connections
    5. use secure and truly random session IDs
    6. invalidate/expire your sessions on the server
    7. you may consider client certificates if that suits your needs
    8. watch for XSS, XSRF and similar vulnerabilities
    9. use only POST requests for anything that changes any state or data
    10. use a random token in POST parameters for anything that changes any state or data
    11. don’t rely on cookies only
    12. use DNSSEC if possible

    Those are just a few good rules of thumb to get you started.

    • 0