Re: SSL How-TO
dl
Date: 06/21/05
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: SSL How-TO"
- Previous message: bradley: "Re: Audit trail for web application"
- In reply to: Dominick Baier [DevelopMentor]: "Re: SSL How-TO"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: SSL How-TO"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: SSL How-TO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Jun 2005 22:25:52 +0800
I thought the content of the authentication cookie is an encrypted session
ticket, with no username / password information, isn't it?
"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:501385632549583320741864@news.microsoft.com...
> Hello dl,
>
> i guess you are using FormsAuth - so authentication is based on a cookie.
> This cookie has to be transmitted to every pages that requires
authentication.
>
> This would mean that you secure the login page, but all remaining pages
will
> receive the cookie in clear text. If someone can steal/sniff that cookie
> he can hijack the authenticated users identity.
>
> or short - No.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hi
> > Can we set SSL enable only for the login page, in an ASP.NET
> > application
> > TIA
>
>
>
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: SSL How-TO"
- Previous message: bradley: "Re: Audit trail for web application"
- In reply to: Dominick Baier [DevelopMentor]: "Re: SSL How-TO"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: SSL How-TO"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: SSL How-TO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
