Re: General SSL Question
From: Greg Reinacker (gregnews@rassoc.com)
Date: 06/27/02
- Next message: Harry Simpson: "Re: General SSL Question"
- Previous message: Ely Lucas: "Process Model"
- In reply to: Harry Simpson: "General SSL Question"
- Next in thread: Harry Simpson: "Re: General SSL Question"
- Reply: Harry Simpson: "Re: General SSL Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Greg Reinacker" <gregnews@rassoc.com> Date: Thu, 27 Jun 2002 10:06:07 -0600
I remember reading an article a while back (wish I could find it now) that
said something like 70% of security breaches occur behind the firewall. So
given that, if your data is extremely sensitive, I'd encrypt it.
Depending on the network configuration, it's far easier for the amateur to
effectively run a packet sniffer on an internal network than on the
internet...
-- Greg Reinacker Reinacker & Associates, Inc. http://www.rassoc.com http://www.rassoc.com/gregr/weblog/ "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message news:#S044jeHCHA.2312@tkmsftngp13... > Why would an intranet need SSL if the web app already depended on Windows > authentication. Should the company intranet firewall provide enough > security for aspnet apps? > > Wouldn't SSL (HTTPS) really only be needed for anonymous internet > applications?? > > Also, If the application uses cookieless sessions, wouldn't using the https > absolute URLS cause the session to renew and screw up any session > variables..... > > Ideas? > > TIA > Harry > >
- Next message: Harry Simpson: "Re: General SSL Question"
- Previous message: Ely Lucas: "Process Model"
- In reply to: Harry Simpson: "General SSL Question"
- Next in thread: Harry Simpson: "Re: General SSL Question"
- Reply: Harry Simpson: "Re: General SSL Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
