Applying security tactics in the system (hot-word analysis in the information field)

General security property. The first measure is to protect the account name and password that are read from the database at login while they are in transit, so as to resist attacks. (For example, MD5 hashing is applied when processing user login and registration data; as a password-protection algorithm, MD5 is only of ordinary strength. Because the data is transmitted and read from the database in this protected form, the security level of the user information is raised.)
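The registration and login flow described above, as an added example that is not code from the original post. It shows the unsalted MD5 digest the post refers to beside a salted PBKDF2-HMAC-SHA256 scheme, which is my own assumption of a stronger alternative; the in-memory user table, the `register`/`login` helpers and the dummy hash used on unknown usernames are all constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

def md5_digest(password: str) -> str:
    """Unsalted MD5 of the password, as the post describes for login/registration.
    It is deterministic: equal passwords always produce the equal digests."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Assumed stronger scheme (not from the post): per-user salt plus a slow KDF.
PBKDF2_ITERATIONS = 100_000

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' for storage."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: reject rather than crash
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)

# Constructed stand-in for the user table in the database: username -> stored hash.
DUMMY_HASH = hash_password("dummy-for-timing")

def register(db: dict, username: str, password: str) -> None:
    """Store only the salted hash, never the password itself."""
    db[username] = hash_password(password)

def login(db: dict, username: str, password: str) -> bool:
    """Verify a login attempt against the stored record."""
    stored = db.get(username)
    if stored is None:
        # Do a comparison anyway so response time does not reveal whether the user exists.
        verify_password(password, DUMMY_HASH)
        return False
    return verify_password(password, stored)

if __name__ == "__main__":
    users = {}
    register(users, "alice", "correct horse")
    print("md5('password') =", md5_digest("password"))
    print("stored:", users["alice"])
    print("login ok:", login(users, "alice", "correct horse"))
    print("login wrong:", login(users, "alice", "wrong"))
```

Because the salt is random, two users with the same password get different stored values, whereas their MD5 digests would be identical in the table.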

Since my system does not include a login step, here is a brief description of the measures it should have:

In addition to setting permissions:

Authorize users. Authorization ensures that authenticated users have the right to access and modify data or services. This is usually done by providing some access control mechanism in the system. Access control may be per user or per category of users; categories can be based on user groups, user roles, or lists of individual users.

Maintain data confidentiality. Data should be protected from unauthorized access. Confidentiality is usually achieved by applying some form of encryption to data and to communication links. Communication links, on the other hand, generally have no authorization control, so encryption is the only protection for data passing over a publicly accessible communication link. For Web-based links, the link can be implemented with a VPN or with SSL.

Maintain integrity. Data should be delivered as intended. It can carry redundant information, such as a checksum or a hash value, which may be encrypted together with the original data or encrypted separately.
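The checksum and hash redundancy described above, as an added example that is not part of the original post. It carries a plain SHA-256 checksum beside the data, then a keyed HMAC-SHA256 tag, which stands in for the "hash protected separately" case: the key, the sample record and the `tamper` helper that plays the modifier are all constructed for the example.

```python
import hashlib
import hmac

def attach_checksum(payload: bytes) -> dict:
    """Carry an unkeyed SHA-256 checksum alongside the data."""
    return {"data": payload.hex(), "sha256": hashlib.sha256(payload).hexdigest()}

def check_checksum(record: dict) -> bool:
    """Recompute the checksum over the received data and compare."""
    payload = bytes.fromhex(record["data"])
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), record["sha256"])

def attach_tag(key: bytes, payload: bytes) -> dict:
    """Keyed HMAC: without the key a modifier cannot produce a matching tag,
    which is the property the post gets from encrypting the hash separately."""
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"data": payload.hex(), "hmac": tag}

def check_tag(key: bytes, record: dict) -> bool:
    """Verify the HMAC in constant time."""
    payload = bytes.fromhex(record["data"])
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["hmac"])

def tamper(record: dict, new_payload: bytes, recompute_checksum: bool) -> dict:
    """Constructed modifier: swaps the data and, if allowed, refreshes the plain checksum."""
    modified = dict(record)
    modified["data"] = new_payload.hex()
    if recompute_checksum and "sha256" in modified:
        modified["sha256"] = hashlib.sha256(new_payload).hexdigest()
    return modified

if __name__ == "__main__":
    # Constructed sample record: one hot-word count as it might be stored or sent.
    original = b'{"word":"security","count":42}'
    altered = b'{"word":"security","count":9999}'
    key = b"constructed-shared-key"

    rec = attach_checksum(original)
    print("checksum, untouched:", check_checksum(rec))
    print("checksum, altered data only:", check_checksum(tamper(rec, altered, False)))
    print("checksum, altered and recomputed:", check_checksum(tamper(rec, altered, True)))

    tagged = attach_tag(key, original)
    print("hmac, untouched:", check_tag(key, tagged))
    print("hmac, altered:", check_tag(key, tamper(tagged, altered, True)))
```

The third checksum check passes even though the data was changed, because an unprotected hash can simply be recomputed by whoever changes the data; only the keyed tag catches that case.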

Limit exposure. Attacks often exploit a single exposed weakness to reach all the data and services on a host. Designers can plan the allocation of services to hosts so that only a limited set of services is available on each host.

Limit access. A firewall restricts access based on message source or destination port. Messages from unknown sources may be some form of attack. Restricting access to known sources is not always possible; for example, a public website may receive requests from unknown sources. The configuration used in this case is the so-called demilitarized zone (DMZ).

Detect attacks. Detecting attacks is usually done by an "intrusion detection" system.
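A small piece of detection logic of the kind an intrusion detection system runs, as an added example that is not part of the original post: it reads login audit lines and flags any source address with too many failed logins inside a sliding time window. The log format, the sample lines, the addresses and the thresholds are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample audit log: "<ISO timestamp> <source ip> LOGIN_<OK|FAIL> <user>".
SAMPLE_LOG = """\
2020-03-01T10:00:01 203.0.113.7 LOGIN_FAIL admin
2020-03-01T10:00:03 203.0.113.7 LOGIN_FAIL admin
2020-03-01T10:00:04 198.51.100.2 LOGIN_OK alice
2020-03-01T10:00:05 203.0.113.7 LOGIN_FAIL root
2020-03-01T10:00:07 203.0.113.7 LOGIN_FAIL admin
2020-03-01T10:00:09 203.0.113.7 LOGIN_FAIL test
2020-03-01T10:05:00 198.51.100.2 LOGIN_FAIL alice
2020-03-01T10:09:00 198.51.100.2 LOGIN_FAIL alice
2020-03-01T10:13:00 198.51.100.2 LOGIN_FAIL alice
2020-03-01T10:17:00 198.51.100.2 LOGIN_OK alice
"""

def parse_line(line: str):
    """Split one audit line into (timestamp, ip, event, user)."""
    ts, ip, event, user = line.split()
    return datetime.fromisoformat(ts), ip, event, user

def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Return {ip: time_of_alert} for each source that reaches `threshold`
    failed logins within any `window_seconds` span. Lines must be in time order."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        ts, ip, event, _user = parse_line(line)
        if event != "LOGIN_FAIL":
            continue
        recent = failures[ip]
        recent.append(ts)
        # Drop failures that fell out of the sliding window.
        while (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) >= threshold and ip not in alerts:
            alerts[ip] = ts  # first moment the threshold is crossed
    return alerts

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {ip}: repeated login failures, threshold reached at {when.isoformat()}")
```

With the defaults only 203.0.113.7 is flagged; 198.51.100.2 fails three times over eight minutes, which a 60-second window ignores, so the window and threshold decide how noisy the detector is.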

Recover from attacks. After an attack triggers an event that paralyzes the system, reset its state and reload it.


Origin www.cnblogs.com/1983185414xpl/p/12392731.html