I have a website that I want to make as secure as possible. Currently i’m using SSL and the sspi_auth_module for authentication with Active Directory. I am still in the testing phase and can make any changes that are needed. I’m mainly looking for opinions on what others are doing. Is this configuration secure enough or is there a better way of doing it? Any advice or recommendations would be very helpful.