Advice on when to use SSL? esp. Session ID security
From: Luke Arms (linarms@yahoo.com)
Date: 04/04/03
- Next message: Michael Leung: "UNC file share and NTLM user identity"
- Previous message: yang: "Forms authorization. how?"
- Next in thread: Patrice Scribe: "Re: Advice on when to use SSL? esp. Session ID security"
- Reply: Patrice Scribe: "Re: Advice on when to use SSL? esp. Session ID security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Luke Arms <linarms@yahoo.com> Date: Fri, 04 Apr 2003 04:20:02 GMT
Hi,
I'm just trying to assess when/how much to use SSL encryption on an ASP.NET
site. Obviously I'll be using it on the login page, but what do people
think about retaining SSL for the duration of the user's session? My
primary concern is that although 'crackers' might be unable to get a
username/password, they could possibly forge a session cookie after the
user logs on and returns to a standard HTTP connection. To what extent
should this be a genuine concern? Given the overhead of running an entire
site over SSL if a user's logged on, it would be preferable to only use
HTTPS for the login page ...
Any comments?
Thanks,
Luke
- Next message: Michael Leung: "UNC file share and NTLM user identity"
- Previous message: yang: "Forms authorization. how?"
- Next in thread: Patrice Scribe: "Re: Advice on when to use SSL? esp. Session ID security"
- Reply: Patrice Scribe: "Re: Advice on when to use SSL? esp. Session ID security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
