in reply to Re: Security of website code editor?
in thread Security of website code editor?

Most likely nothing, and I believe I even have an SSL option. However, we all know passwords can be cracked, and this being my first production site (http://www.timorperfectus.com), I don't really wanna mess anything up.
meh.

Re^3: Security of website code editor?
by CountZero (Bishop) on Sep 03, 2006 at 19:43 UTC
    SSL is certainly a good option: otherwise your passwords travel the internet in plain sight for all to see.

    You can add to the security by only allowing connections from trusted IP-sources; allow passwords only a limited lifetime; have different levels of access; ...

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

      Good ideas. I have a problem with trusted IPs though, because I can guarantee not all the privileged users are going to have static IPs (unless I'm missing something, in which case you don't have to have a static IP to be able to authorize via IP...). I know CGI::Session has an IP flag that checks for a change in IP during the session which would definitely be nice.

      And by limiting password life, would you suggest emailing the privileged user a new generated password every...week or so? Something like that? Or something even more often or secure?

      meh.
        E-mailing the user his new password is probably the most unsecure way of doing it, unless you encrypt the e-mail.

        I was thinking of forcing the user to choose a new password every so often. Usually it is done right after logging in and before the user is allowed further access (otherwise, they tend to "forget" to change the password later).

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
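
The two session controls discussed in this thread (forcing a password change right after login once the password is too old, and dropping a session whose client IP changes) can be combined into one per-request gate. The following is an added example, not code from any poster; the function name, session keys, paths and the 30-day lifetime are assumptions, and the session hash stands in for whatever your session store returns.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed policy for this sketch: passwords expire after 30 days.
use constant MAX_PASSWORD_AGE => 30 * 24 * 60 * 60;    # seconds
my %ALWAYS_ALLOWED = map { $_ => 1 } qw(/login /logout);

# Decide what a request may do. $session is a hashref with the assumed keys
# user, login_ip and password_set_at (epoch seconds), or undef if not logged in.
# Returns 'login', 'change_password' or 'allow'.
sub gate_request {
    my ($session, $path, $remote_ip, $now) = @_;
    $now = time unless defined $now;

    return 'allow' if $ALWAYS_ALLOWED{$path};
    return 'login' unless $session && defined $session->{user};

    # The session is bound to the IP seen at login; a change forces re-login.
    if (($session->{login_ip} // '') ne $remote_ip) {
        %$session = ();                 # invalidate the session contents
        return 'login';
    }

    # Expired password: the only reachable page is the change form, so the
    # user cannot "forget" to change it and carry on editing.
    my $age = $now - ($session->{password_set_at} // 0);
    if ($age > MAX_PASSWORD_AGE) {
        return $path eq '/change_password' ? 'allow' : 'change_password';
    }
    return 'allow';
}

# Constructed sample sessions and requests (documentation IP ranges).
my $now   = 1_157_312_580;
my %stale = (user => 'editor', login_ip => '192.0.2.10',
             password_set_at => $now - 45 * 86_400);
my %fresh = (%stale, password_set_at => $now - 2 * 86_400);

for my $case ([\%stale, '/edit',            '192.0.2.10'],
              [\%stale, '/change_password', '192.0.2.10'],
              [\%fresh, '/edit',            '192.0.2.10'],
              [\%fresh, '/edit',            '198.51.100.7']) {
    my ($session, $path, $ip) = @$case;
    printf "%-17s from %-13s -> %s\n", $path, $ip,
        gate_request($session, $path, $ip, $now);
}
```

Call the gate before dispatching every request, and have the password-change handler reset `password_set_at` only after the new password has been stored.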