Re: SSL How-TO
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 06/21/05
- Next message: bradley: "Re: Audit trail for web application"
- Previous message: dl: "SSL How-TO"
- In reply to: dl: "SSL How-TO"
- Next in thread: dl: "Re: SSL How-TO"
- Reply: dl: "Re: SSL How-TO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Jun 2005 04:45:33 -0700
Hello dl,
i guess you are using FormsAuth - so authentication is based on a cookie.
This cookie has to be transmitted to every pages that requires authentication.
This would mean that you secure the login page, but all remaining pages will
receive the cookie in clear text. If someone can steal/sniff that cookie
he can hijack the authenticated users identity.
or short - No.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Hi
> Can we set SSL enable only for the login page, in an ASP.NET
> application
> TIA
- Next message: bradley: "Re: Audit trail for web application"
- Previous message: dl: "SSL How-TO"
- In reply to: dl: "SSL How-TO"
- Next in thread: dl: "Re: SSL How-TO"
- Reply: dl: "Re: SSL How-TO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
