
THE FOLLOWING CHANGES ARE SUGGESTED FOR OUR SOFTWARE PACKAGE :-
------------------------------------------------------------

* Currently the passwords are stored as a simple, unsalted SHA-1 hash.
  This is secure enough but a higher level of security can be obtained 
  by hashing each password together with a random salt.

* The load handling at the server end can be improved. Currently we use 
  a pool manager to handle requests from users as well as applications, but 
  for every connection between an app and the server Java's HTTPConnection 
  is used. This will turn out to be very costly even with the pool manager 
  running. 
  To improve the performance and speed of the server, Java's sockets should 
  be utilized and proper pooling should be done between the applications.

* The applications currently check for authentication every time a new page
  of the app is asked for. To avoid this, the cookie should be stored in the 
  app's session and repeated lookup should be prevented. This will need to be 
  done on the APPLICATION side, so once proper applications are made it can
  be taken care of then.


