Logon system and security
I have been trying to figure out what is the best way to set up a logn in for users. It all seems not very secure to me, but then again I don't really understand what hackers do.
The operations that are needed are pretty rudimental. Much of the user data never changes and some of it changes often, could be a few times a day. The concept is that they will update data daily from a flash module that sits on their desktop. Within the flash module there is an account number and password, which allows them to do so.
Most of what I have been able to find on these kind of systems, have an account or user table with password. If I control all the operations through admin scripts and determine what is to be done and by who via user input, is this a secure site? I am on an Apache Server and using PHP/MySql for things on the server side. So the connection data resides on the server in a file. If I use this kind of system, how do I protect the connection and admin data? Or is it handled somehow by the system, if implemented correctly?
I am not looking to complicate this, if there are simple things that can be done that would be nice.
thanks
Barry
