Page 1 of 1

Securing a web page with certificate of some sort?

Posted: Fri Sep 25, 2009 3:38 pm
by svmm
Hello,

I'm in the following situation:
I have a running web site which displays a lot of information from a database. This information is available to all users. There is functionality to add new information to the database, however there is only one user (let's call him admin) that is supposed to do that.
What I'm looking for is a way to secure the functions that this admin is using to add information in a way that those functions can be called only from a certain computer (his own). I'm open for all kinds of ideas that can make this idea work.
My own idea is to use some kind of certificate on this computer and all the functions will check if it is available before continuing their execution. So any materials/links on how to make this possible or even better ideas are welcome!

Thank you!

Re: Securing a web page with certificate of some sort?

Posted: Sat Sep 26, 2009 12:51 am
by Robert07
If you want to restrict a certain functionality to one computer you can put their IP address in an .htaccess file and allow connections from only his IP address for the files in a certain folder on your server. That may be easier than the plan you proposed.

Re: Securing a web page with certificate of some sort?

Posted: Sat Sep 26, 2009 3:00 am
by kaisellgren
If these administrative operations can be called from one computer, then using client certificate authentication is a good choice to take. No one else will be able to do those operations unless they got an access to this computer/certificate.