Creating a security system.

[Jae]

Ok here is what i'm going to do, i'm going to make a security system.The system will store information, like a online information bank.It will need to be super secure, and totally unhackable.I am going to research what things i will do, all i need is some advice, it wil need a admin panel, IP alert, blocker, user system.Forum, password recovery data purging and maybe some more stuff.

So post what advice you would give, and some more features.

[Luckyrare]

You will need to use SSL dude...

webopedia.com Word definition: (If you dont know what it means)

Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.By convention, URLs that require an SSL connection start with https: instead of http:.

Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.

[awelsh]

what about a special pin no. you need to enter to make a payment

[Colin-Roberts]

ssl zend optimized md5 hash ect....

[Evasion]

I reccomend using private ssl or securing it with the clients ip.

[Luckyrare]

You have no option, if you didnt use SSL people wouldnt use it.

[DMB-Hosting]

Yeah use ssl, encode the php files (Assuming its php) incase the server is hacked and they get the files. Protect the server with at least 7char long password alphanumeral (Special Chars e.g. @*^%$£""!#~) if possible.
And MD5.

That should be a good security system also keep all backups external i.e. on an memory stick and multiple copies, encrypted with passwords

EDIT: (Case = Person forgot their pass); generate new password on email confirmation with secret question, incase the persons email is hacked.

[ebay]

wot u really need is a special website domain- (https://)

the s in https://
stands for secure and some 1 has payed alot of money to have a domain like that (over 100GBP)

i can get you 1 for 150GBP for 1yr but once your site has been set up you have to get it verified before you can get yourself the special domain

if you try this https://www.boysstuff.co.uk
it shows that it is secure at the bottom with a closed yellow padlock

now try this https://www.grabyourgraphic.com
it dosent work cos it isnt running on a secure server


also you need a special way or encrypting the data people enter and then uncurupting it when it arrives on the server.

you will need a very good security database cos if u get hacked and you have credit card numbers on there u r stuffed

[Beep]

I guess MD5 would not be suitible for this kind of situation, correct me if I'm wrong.

[Luckyrare]

stands for secure and some 1 has payed alot of money to have a domain like that (over 100GBP)

Thats just when SSL is running not a magic domain...