I am making a script, probably in PHP, and it will be important that people cannot use it because the system will involve credits and a hack into the script could cost me a lot of money and/or a lot of apology e-mails. What do you guys use to log in to your scripts? How secure is it?
The password is kept in encrypted form in the database, which could be easily accessible and decrypted in case the password is not strong enough. So the first step towards security is to choose a robust webhost. You can also try cloning the script used in websites like PayPal, etc.
If your script is dealing with really sensitive stuff, encrypt sensitive information and consider using SSL.
How do you use the information after it has been encrypted? Is there like a key generated so you will be able to read what has been encrypted when you need it? What does it take to go SSL? Is it a whole new language? Does it cost money? Thanks for your input guys.
If it's that sensitive then maybe you shouldn't be storing it (à la sending CC info directly to a payment processor instead of putting it into a DB).
http://en.wikipedia.org/wiki/Secure_Sockets_Layer http://www.ssl.com/ I use geotrust: http://www.geotrust.com/products/ssl_certificates/quick_ssl.asp
Also, check out this link: http://pajhome.org.uk/crypt/md5/auth.html It's a nice method so that you're never sending the password across the network. Usually, most login systems just make sure the plaintext password isn't stored in the DB but there's still a weak link whereby the plaintext password is sent over the network from the client browser to the server (unless you're using SSL, as described above). This method solves that problem, without using SSL.
SSL for added security. .NET's Form membership and roles provider is sufficient for most applications; hash the passwords on the off chance the SQL is compromised (again natively supported by .NET).