What mechanisms do you developers typically use for preventing unauthorized
access to a web application?  I'm trying to determine the best approach for
my web app.  Here are the basic guidelines I need to follow:

1.  We must limit access to the site to registered users.
2.  We currently use BASIC authentication.
3.  We currently store passwords in a database in plain text but we now wish
to encrypt them.
4.  I was leaning towards using DIGEST authentication but am not convinced
it works correctly based on various articles/books I've seen.

Do you recommend any other approaches?  Eventually we will be moving towards
a salted-hash scheme for encryption but we were hoping we could stand up a
site using DIGEST to provide some basic initial encryption before moving to
the stronger scheme. 

Any advice would be appreciated.
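Added example (editor's note, not code from the original post): what a server has to keep on disk to answer HTTP Digest challenges (the RFC 2617 HA1 value) next to a salted, iterated hash scheme of the kind the post says it will move to. Realm, user names, passwords and the PBKDF2 work factor below are constructed sample values.

```python
"""Added example (not from the original post): what a server must store to
answer HTTP Digest challenges (RFC 2617 HA1) versus a salted, iterated hash.
Realm, user names and passwords below are constructed sample values."""
import hashlib
import hmac
import os
from typing import Optional

REALM = "example.com"  # assumed realm; a Digest HA1 is bound to it


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password), the value a Digest server keeps
    per user instead of the plaintext password (RFC 2617 section 3.2.2.2)."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).hexdigest()


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """The client's 'response' field in the simplest (no-qop) Digest form:
    MD5(HA1:nonce:HA2). It depends on HA1 only, so whoever holds the HA1
    table can answer challenges without ever learning the password."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode("utf-8")).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode("utf-8")).hexdigest()


def server_checks_digest(ha1_table, username, method, uri, nonce, response) -> bool:
    """Server side: recompute from the stored HA1 and compare in constant time."""
    ha1 = ha1_table.get(username)
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, uri, nonce)
    return hmac.compare_digest(expected, response)


# ---- salted, iterated hash: what the site can store once Digest is dropped ----
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to ~100 ms on the server


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'. A fresh 16-byte
    random salt per user means equal passwords get different stored values."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare.
    Malformed stored strings are rejected rather than raising."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    table = {u: digest_ha1(u, REALM, "Circle Of Life") for u in ("alice", "bob")}
    print("HA1 differs per user (user+realm act as a fixed salt):", table["alice"] != table["bob"])
    nonce = os.urandom(16).hex()
    forged = digest_response(table["alice"], "GET", "/dir/index.html", nonce)
    print("Challenge answered from the stored HA1 alone:",
          server_checks_digest(table, "alice", "GET", "/dir/index.html", nonce, forged))
    stored = hash_password("Circle Of Life")
    print("Salted hash verifies:", verify_password("Circle Of Life", stored))
    print("Wrong password rejected:", verify_password("circle of life", stored))
```

Two points the example is meant to make concrete. First, Digest does not free the server from holding a password-equivalent secret: to check a response it needs HA1 (or the plaintext), and as `digest_response` shows, HA1 by itself is enough to answer a challenge for that realm, so an HA1 table must be protected like a password table. Second, the two schemes do not compose: a salted, iterated hash cannot be used to compute HA1, so a Digest deployment has to keep HA1 beside the hash or give up Digest. Converting the existing plaintext column to salted hashes can be done in a single batch now; converting an HA1 column later cannot, because HA1 cannot be reversed, so users would have to re-enter their passwords (or the HA1 would have to be treated as the secret being hashed).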
