To HTTPS website background plus U shield protection is not enough safe?

Website backstage use HTTPS, all operations (including login) are based on post, all use U shield for challenge/response check, MD5 and SHA1 double check, all check code can only be used once, all post data participate in check code calculation, local directory is completely read-only (upload using cloud storage, not using local), Database Pure intranet access, is it safe enough to do this from a code level? Regardless of the server itself vulnerability, social workers, side note, DNS intrusion and other non-procedural code level security issues.

In addition, the concept of a honeypot system, the system as long as the detection of arbitrary attack behavior, automatically switch to the honeypot, background appearance and real background, the same as the data (except for sensitive data), all operations completely closed in the honeypot, is not better?

Reply content:

Website backstage use HTTPS, all operations (including login) are based on post, all use U shield for challenge/response check, MD5 and SHA1 double check, all check code can only be used once, all post data participate in check code calculation, local directory is completely read-only (upload using cloud storage, not using local), Database Pure intranet access, is it safe enough to do this from a code level? Regardless of the server itself vulnerability, social workers, side note, DNS intrusion and other non-procedural code level security issues.

In addition, the concept of a honeypot system, the system as long as the detection of arbitrary attack behavior, automatically switch to the honeypot, background appearance and real background, the same as the data (except for sensitive data), all operations completely closed in the honeypot, is not better?

