Securing Web Application
Posted on 2009-07-06
I'm going to open up my machine to the internet in order to use a web application remotely. Only authorized users to whom I've assigned login credentials have access to the web app. Although password authentication is required to sign in to the web app, the app itself may have serious security flaws and can be vulnerable to attacks. As I trust my clients, and not anyone else on the internet, I would like there to be a way to protect the web app from malicious attacks.
What do you suggest?
Does HTTPS have a mode with which I can disable the public key advertisement so that only those who are given the certificate and have it installed on their browser can communicate with the web server? Others who don't have the server's public key will have no way to attack the web application, since they can't even talk to the server. Is this possible, or am I just imagining it?
What else can I do?