Secure Log-in Portal for HIGHLY data sensitive site.
Here is what I need some help on. I have a site that provides very sensitive data to various organizations and groups. I need to find the most secure way to create a log-in area so they can view the various data. Essentially, I am making them their own secure "portal" so they can log in anytime they want.
As of right now I just set up an SSL certificate but don't think that really makes the "log-in" secure but rather the data that is sent back and forth. I of course plan on placing everything on the https:// side of the server.
Right now I just have a simple .htaccess set on the directory where everything is placed. It is my understanding that this method alone is not very secure if I want to make things VERY secure above and beyond simple .htaccess.
I have no idea how to really make this log-in safe.
Here are some things that others have told me to try, but I am not sure if they are worth it:
- Doing everything through Secure SSH or something like that.
- Setting up an IP table of some type or something so that only people with a pre-defined IP address can even see the log-in screen.
Here are the stats:
- I have my own dedicated box
- LAMP platform.
- SSL Certificate set up
Any advice would be GREATLY appreciated, I am in WAY over my head.