I am looking at how best to implement User Authentication on a site i am working on. I would like to follow the advice in this article as i would have more control over everything myself but i am not sure will a solution like this always be open to attack:
Another option is to use a third party to handle this side of things like OpenID but i dont like the idea of having to reply on a third party solution.
What are people thoughts on this subject? Also, i will be taking credit card payments through a third party module but will not be storing credit card information so how secure does the system have to be. The only information of any value in the database is the user email addresses as far as i am aware?