I wrote a small internal web app using (a subset of) pylons. As it turns out, I now need to allow a user to access it from the web. This is not an application that was written to be web facing, and it has a bunch of gaping security holes.
What is the simplest way I can make sure this site is securely available to that user, but no one else?
I’m thinking something like apache’s simple HTTP authentication, but more secure. (Is OpenID a good match?)
There is only one user. No need for any user management, not even to change password. Also, I trust the user not to damage the server (it’s actually his).
If it was for me, I would just keep it behind the firewall and use ssh port forwarding, but I would like to have something simpler for this user.
EDIT: Hmm… judging by the answers, this should have been on serverfault. If a moderator is reading this, consider migrating it.
if there’s only a single user, using a certificate would probably be easiest.