I would like to secure a web site, so I would like some opinions and advice on how to proceed. The site is in the public domain, so there are no company firewall safeguards.
I do have some security already built in. I use a filter to check each call. I make certain an active session is present and the relevant user data is bound to it. I also log the last IP someone logged in from.
I would like to do the following:
Secure the WWW transmission of the site's users' names and passwords.
Prevent bots from registering.
Safely reset passwords for users who request it.