Security moved to the forefront of user concern in 2006, so it is wise to decide what is appropriate for your project at the outset rather than bolting it on as an afterthought.
Every system must address the following:
- Authentication: knowing who is accessing the system.
- Authorization: knowing what operations each user is allowed to perform, and on which resources.
- Data integrity: preventing unauthorized changes to data.
- Confidentiality: encryption of sensitive data, both in transit and in storage.
The client must also address the following:
- Physical security for the servers.
- Careful user administration: granting, reviewing and revoking accounts and privileges.
- Prompt patching of the operating system, web server and supporting infrastructure.
- Industry-standard network security, such as firewalls and malware scanning.
The following design considerations are available to protect the client's site against unwanted or unlawful activity and intrusion while keeping maintenance costs reasonable:
- SSL/TLS encryption (HTTPS) for transmission of sensitive data.
- An intrusion detection system that writes log files and sends e-mail alerts.