Client Server Login, Security!

OK, new question: I’m looking into building a web-based application that allows login from a remote client (Windows, Mac build). The problem I found is that the username and password need to be sent from the client to the web. If that login data is intercepted, then access can be easily granted.

So how would one go about creating a secure login system that allows a client to access a back-end web-based system?

I think for the most part what I’m looking at is very secure if I use SSL; however, if there was a virus of some kind on the client that could gain access to the data, then that would be a real problem.

Any ideas or suggestions welcome, I’m just looking for a kind of best practice approach.

How can you say that communication is secure? 😛

Do as any website does and you will be within the standard. Use the SSL solution. A simple POST over HTTPS is OK. Everything else generally increases complexity and gives a “fake security”.

Hi, Sisso

The web side is fine and I’m probably going a little overboard with this.

The problem I can see is the access data getting intercepted on the client; however, this is the same for any client-based application, I guess.

There is one way I can see that would increase security, and that would be to have the login online and then create a session ID for the client.

That way the client only acts as a receiver for the data based to that unique session ID.

Definitely overboard, but it would be nice to see what others have done to handle this secure handshake between the client and the remote account system.
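
The login-then-session-ID idea from the last post, sketched as an added example (not code from any poster in this thread). `AuthServer`, `SESSION_TTL` and `PBKDF2_ROUNDS` are hypothetical names and values, the store is in memory, and the HTTPS transport recommended above is assumed and not shown.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 900          # assumed session lifetime in seconds
PBKDF2_ROUNDS = 600_000    # assumed work factor for PBKDF2-HMAC-SHA256

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def _key(session_id: str) -> str:
    # Only a hash of the session ID is stored, so a leaked store cannot be replayed.
    return hashlib.sha256(session_id.encode()).hexdigest()

class AuthServer:
    """In-memory stand-in for the back-end account system (hypothetical)."""

    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._sessions = {}  # sha256(session id) -> (username, expiry time)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, hash_password(password, salt))

    def login(self, username, password, now=None):
        """Check the password once; hand back a random session ID or None."""
        now = time.time() if now is None else now
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        session_id = secrets.token_urlsafe(32)
        self._sessions[_key(session_id)] = (username, now + SESSION_TTL)
        return session_id

    def whoami(self, session_id, now=None):
        """Resolve a session ID to its user; expired or unknown IDs give None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(_key(session_id))
        if entry is None or entry[1] <= now:
            self._sessions.pop(_key(session_id), None)
            return None
        return entry[0]

    def logout(self, session_id):
        self._sessions.pop(_key(session_id), None)
```

After `login`, the client keeps only the session ID and sends it with each request, so the password crosses the wire once and a stolen ID stops working at expiry or logout.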