Let’s assume that you have an Apache webserver and a website that you want VERY tight access controls on. You could do it a number of ways, right?
You could craft a clever login page and use cookies, session IDs, etc.
You could use a simple authentication method like .htaccess.
Or, you could create a custom SSL certificate and give that certificate to very specific users that should have access to your site. In a perfect world, only these users could communicate with your site AND the connection would be secured via the magic of SSL.
I know what you’re thinking.
"But Chief, what if someone STEALS your certificate?"

HOWTO: Securing A Website With Client SSL Certificates
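A sketch of what the client-certificate option looks like in Apache 2.4 configuration. It is an added example, not taken from the linked HOWTO: the hostname, file paths and the names `alice` and `bob` are placeholders. The revocation lines show one standard way to cut off a certificate that has been stolen, which is not necessarily the approach the HOWTO takes.

```apache
# Added example: hostname, paths and certificate names are placeholders.
<VirtualHost *:443>
    ServerName secure.example.com
    DocumentRoot "/var/www/secure"

    # Server side of TLS: the certificate the site presents to browsers.
    SSLEngine on
    SSLCertificateFile    "/etc/apache2/ssl/server.crt"
    SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

    # Only client certificates issued by this private CA are accepted.
    SSLCACertificateFile  "/etc/apache2/ssl/private-ca.crt"

    # The TLS handshake fails unless the browser presents a valid client
    # certificate. Set at virtual-host level so no renegotiation is needed.
    SSLVerifyClient require
    # The client certificate must be signed directly by the CA above.
    SSLVerifyDepth 1

    # Revocation: a stolen or retired client certificate is listed in the
    # CA's CRL and is refused once Apache has reloaded the file.
    SSLCARevocationFile   "/etc/apache2/ssl/private-ca.crl"
    SSLCARevocationCheck  leaf

    <Location "/">
        # Optional second gate: allow only named certificate holders,
        # matched on the subject CN of the verified client certificate.
        Require expr "%{SSL_CLIENT_S_DN_CN} in {'alice', 'bob'}"
    </Location>
</VirtualHost>
```

Revocation only helps if the CRL is regenerated and Apache is reloaded whenever a certificate is reported lost, so treat that as part of the operating procedure for the private CA.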