Let's say that I wanted to design an internet-based web app that allows the user to do a lot of awesome server-side stuff. It's basically, client request (facilitated through button presses or something) for server-side task. I want to make sure that only specific users can use this tool.
How do I go about this?
Do I really just create a login page and that's that? Make sure the password and username match up with a preexisting account? Like, I'm kind of thinking about Wells Fargo and it's pretty much just that.
Also, what's the standard level of security I should go for if I wanted to make this is a product. Like, how much time/effort should go into security?