Password Protection

Yet, if you are interested in your HTML content encryption and email extractors blocking we will apply the respective methods and implement this functionality.

Mainly, we protect the valuable content within the developed sites utilizing the following techniques:

  1. Limiting unauthorized access to server resources
    • user authentication
    • roles and access levels flexible system
  2. Confidential data securing
    • SSL connection usage
    • credit card number usage for transaction only followed by its next deletion
    • encrypted password storing only

The majority of pages on the most of web-sites require HTTP protocol which is open and widely used on WWW and which is enough. At the same time this protocol is also allowed to be used for the pages containing user personal data or site management mechanisms. Yet, sometimes a higher level protection of the data exchange channel between user and server is needed. In this case we implement HTTPS protocol which is based on SSL protocol, and which operates on RSA algorithm. Using a key with 128 bit minimum length provides the sufficient protection. Generally, secure protocol is not applied for all of the site pages due to an increased load on server.

When storing passwords for user authentication, several variants can be implemented on customer choice:

  1. Hashed password is stored (the user enters a password which is then transformed as per specific algorithm and compared to that stored in the database).
  2. The password is stored open.

Each method has its own advantages and disadvantages:

  • In the first case - there is no possibility to restore the existent password but to generate a new one.
  • In the second case - there is a loss in security.

Besides, developed is a technique to prevent using robots on authentication pages. For this purpose a special image is generated having a specific background and a scripture which is impossible to be recognized enabling the existent recognition algorithms. At the same time a human can easily read the scripture on the image.

Currently, when registering at a site almost always a valid e-mail is needed for its enabling. Several levels of authentication have been developed to verify user identity and can be implemented at QArea at customer choice:

  1. not requiring authentication
  2. authentication as per stated format
  3. authentication per valid e-mail indicated

Also, in QArea we can implement a resource access blockout functionality:

  1. as per IP-address
  2. as per time period
  3. forced in case of invalid password or by administrator.
Request a Quote

* Please fill in fields with asterisk.

Request a Call

* Fields with asterisk are mandatory for filling.