Re: General SSL Question

From: Harry Simpson (hssimpson@nospamphgt.net)
Date: 06/27/02 

From: "Harry Simpson" <hssimpson@nospamphgt.net>
Date: Thu, 27 Jun 2002 11:19:33 -0500

Thanks Greg,

I still need to address the issue of https absolute addresses trashing my
cookieless session state.
New challenges eh ;-)

Harry

"Greg Reinacker" <gregnews@rassoc.com> wrote in message
news:OkKIpQfHCHA.2544@tkmsftngp08...
> I remember reading an article a while back (wish I could find it now) that
> said something like 70% of security breaches occur behind the firewall.
So
> given that, if your data is extremely sensitive, I'd encrypt it.
>
> Depending on the network configuration, it's far easier for the amateur to
> effectively run a packet sniffer on an internal network than on the
> internet...
>
> --
> Greg Reinacker
> Reinacker & Associates, Inc.
> http://www.rassoc.com
> http://www.rassoc.com/gregr/weblog/
>
>
> "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> news:#S044jeHCHA.2312@tkmsftngp13...
> > Why would an intranet need SSL if the web app already depended on
Windows
> > authentication. Should the company intranet firewall provide enough
> > security for aspnet apps?
> >
> > Wouldn't SSL (HTTPS) really only be needed for anonymous internet
> > applications??
> >
> > Also, If the application uses cookieless sessions, wouldn't using the
> https
> > absolute URLS cause the session to renew and screw up any session
> > variables.....
> >
> > Ideas?
> >
> > TIA
> > Harry
> >
> >
>
>