I am writing a site right now which will probably be used by a lot of people. It's for a startup company that I am part of, and this is the first time I am writing code for a site that could receive over 100,000 hits a day. I am trying to make it as secure as possible, and just in case we do not make the whole thing SSL, I am wondering if this security feature I have thought of will even help.
Right now all I am doing once a person is logged in is storing their IP address from login in a session, their username, and the session variable 'login' = true. Then every time they hit a secure page I check to make sure all 3 values are correct, including comparing the IP address to their current remote_address. This does not give them very much security; I know it's better than nothing, and if a real hacker wants into a site they will find a way, but I was thinking that if I add just a little something it might give them more of a challenge. The problem being I am not sure if this will slow down the site too much or even really make it more of a challenge. What if I generate a unique string, store it in a session variable AND in the MySQL database, then each time the user hits a secure page it compares the session variable to the MySQL database variable; if they match it generates a new unique string and replaces the old session variable and MySQL variable. This would force the hacker to capture the string over the network, get set up to intercept the traffic and pose as the user, and access the site and do his damage. If the user hit another secure page BEFORE the hacker did, the unique string will have changed. Also, if someone's unique string does not match up, the MySQL variable would be set to null and the session destroyed on the client's computer, forcing the client to re-login (through SSL).
My main concern is if this site gets A LOT of hits, I am talking 1,000,000 hits a day, would this piece of extra code be too much for 2 servers to handle? Or a cluster? I have always wondered how much database reading and writing a server could handle before it really, really slowed down. Also, does my logic for security make sense? Or is there a loophole I am not seeing here.
Thanks
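As an added example (not code from the original post), here is the rotating-token check the post describes, written in Python with an in-memory SQLite table standing in for the MySQL column and a plain dict standing in for the PHP session; the function names, table layout and sample IPs are assumptions.

```python
# Added example, not from the original post: the IP + username + 'login' checks
# plus a per-request rotating token stored both in the session and in the database.
import hmac
import secrets
import sqlite3

# Assumption: SQLite in memory stands in for the MySQL table the poster mentions.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, token TEXT)")


def login(username: str, remote_ip: str) -> dict:
    """Build the server-side session after a successful login (credentials not shown)."""
    token = secrets.token_urlsafe(32)  # unpredictable, unique per login
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?)", (username, token))
    return {"login": True, "username": username, "ip": remote_ip, "token": token}


def check_secure_page(session: dict, remote_ip: str) -> bool:
    """Validate the three original values plus the token, then rotate the token.

    On any mismatch the DB token is set to NULL and the session emptied, so the
    client has to log in again (the poster's re-login step).
    """
    row = db.execute("SELECT token FROM users WHERE username = ?",
                     (session.get("username"),)).fetchone()
    expected = row[0] if row else None
    ok = (
        session.get("login") is True
        and session.get("ip") == remote_ip
        and expected is not None
        and hmac.compare_digest(session.get("token", ""), expected)  # constant-time
    )
    if not ok:
        if session.get("username"):
            db.execute("UPDATE users SET token = NULL WHERE username = ?",
                       (session["username"],))
        session.clear()
        return False
    # Rotate: this is the one extra DB write per secure page hit the poster asks about.
    new_token = secrets.token_urlsafe(32)
    db.execute("UPDATE users SET token = ? WHERE username = ?",
               (new_token, session["username"]))
    session["token"] = new_token
    return True
```

A copy of the session taken before a rotation fails the check and also logs the real user out, which is the behaviour the post describes.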