Re: How to use SSL for login page only

---

• From: Cory J. Laidlaw, Beyond01.com <CoryJLaidlawBeyond01com@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 5 Mar 2008 18:46:01 -0800

---

Joe,

thanks for responding. I see your point.

I just notice that several websites only employ SSL at certain periods, say
when providing credit card information. Once completed, they turn SSL off
again.

Cory

"Joe Kaplan" wrote:

Why would you put only the login page under SSL? What makes you think that
provides any security? Sure, you can encrypt the connection when the user
is providing their plaintext password, but if someone snoops on a different
request that isn't encrypted and steals the user's cookie (just as easy as
stealing the pwd from the form post), they own the user just the same. It
begs the question as to why bothering with SSL at all.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Cory J. Laidlaw, Beyond01.com"
<CoryJLaidlawBeyond01com@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D2CD56D2-634F-4BAF-BB82-9A565C7A1C90@xxxxxxxxxxxxxxxx

Hi there,

I need to setup a web site that starts with a public home page.

I would then like to have a link to a login page so I can authenticate
them
against a database.

When I launch my project, it starts under HTTP, which is great. How can I
make sure the Login page is under HTTPS?

Thanks for any help you can provide!

Cory

.

---

• Follow-Ups:
  • Re: How to use SSL for login page only
    • From: Joe Kaplan

• References:
  • Re: How to use SSL for login page only
    • From: Joe Kaplan

• Prev by Date: Re: How to use SSL for login page only
• Next by Date: RE: Reconnect to a session and authenticate.
• Previous by thread: Re: How to use SSL for login page only
• Next by thread: Re: How to use SSL for login page only
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Basic password security question ... Look at the pages - they never post that form over HTTP - usually the login form posts to an HTTPS address.... ... You need SSL - and if you have it for the rest of your site, why not for you login page too? ... Developing More Secure Microsoft ASP.NET 2.0 Applications ... (microsoft.public.dotnet.framework.aspnet.security) Re: From http:// to https:// ... > I have a login page that is secured with SSL and other non secure pages ... As Server.Transefer or response.redirect takes http by default. ... > standard method to transefer pages from normal to SSL page and vice versa. ... (microsoft.public.dotnet.framework.aspnet) Re: Windows 2003 Server LDAP. ... "Joe Kaplan" wrote: ... uses LDAP simple bind to connect to AD. ... SSL is that LDAP simple bind is not secure because it uses plaintext ... 'address book' in accessories to test it before trying on the copier. ... (microsoft.public.windows.server.active_directory) Forms Authentication and SSL ... I'm using Forms Authentication, the user may come from a HTTP page, the ... back to a non SSL page. ... This used to work without any warnings. ... Suddenly after entering the login ... (microsoft.public.dotnet.framework.aspnet.security) Re: Problem establishing SSL connection in code-behind ... On Jan 2, 11:15 pm, "Joe Kaplan" ... Especially confusing is that at once place, the log says that I am not ... I thought that maybe port 4443 (the SSL port I use) is blocked by the ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2008-03