Security requirements

1. System denies access if login or password doesn't match.
2. System properly closes session after user's logout, so that he's not logged in anymore
3. Configuration file is not available via www to other users
4. Dump files are not available directly via url
5. System provides secure authentication