Forms Authentication Security
I have created a website that uses forms authentication
<authentication mode="Forms"/>. I have traced the response sent from
the web browser after the user has entered a password and pressed
Login. The password is then sent in clear text. Is the only way not to
have the user's password in clear text to load the login page with
HTTPS or is there some other way? Does this mean that forms
authentication is not more secure than Basic authentication done by
IIS?