Re: Do i need to got Https:// throught the website ???

From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 13 Nov 2006 09:13:55 -0600

It depends. If they use Basic authentication then it is absolutely
necessary to protect the password of the user. If they use IWA, then it is
not necessary for that, but it may be necessary to protect the data that
they website is providing. The company may have policies which require that
no one be able to eavesdrop on the data. I think that is totally
reasonable.

There are also some security experts who suggest that NTLM hashes are not
difficult to crack, so using NTLM without encryption is a bad idea.
Kerberos is stronger in this regard, but may not be what they are using for
Windows auth.

Have you asked them why they use HTTPS?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Ananth Ramasamy Meenachi"
<AnanthRamasamyMeenachi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:537453A7-F9AC-49C0-8DE1-EC2D6493AFDF@xxxxxxxxxxxxxxxx

Hi All,
An organization has a website which goes with windows
authentication to access their website and this website is accessed by
their
employee around 60,000 and accessed with a frequency atleast once in a day
or
more. They use https:// throught the website, Does is necessary ??? please
help me with supporting documents.

one more question, Can anyone hatch when i use http:// ?, should i go for
https://?

Thanks in advance,

Ananth Ramasamy Meenachi

Follow-Ups:
- Re: Do i need to got Https:// throught the website ???
  - From: Ananth Ramasamy Meenachi
- Re: Do i need to got Https:// throught the website ???
  - From: Dominick Baier

Prev by Date: How to decrypt CAPICOM data i .NET 2.0
Next by Date: Re: How to decrypt CAPICOM data i .NET 2.0
Previous by thread: How to decrypt CAPICOM data i .NET 2.0
Next by thread: Re: Do i need to got Https:// throught the website ???
Index(es):
- Date
- Thread

Relevant Pages

Re: Designing Network Security
... Since we need to protect ... We need to place a web server, ... Having a separate machine for the public website would go a long way. ... Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)
Re: My-searcher
... >> Please respond in Newsgroup. ... >> Protect your PC ... The exact website address that keeps ... **Post your HijackThis log to ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: [PHP] Referring URL Authentication
... I wish to protect the entire Website http://www.example.com from ... Next I thought about HTTP authentication. ... domains A and B don't share a common database. ...
(php.general)
Re: Driving a website using VFP
... URL, if you're using basic authentication, e.g. ... > Further to the IE automation stuff above, ... > without user intervention. ... >> In another section of the program, I want to log onto another website, ...
(microsoft.public.fox.programmer.exchange)
Re: Integrated windows authentication problems
... Post the relevant logon failure events here (if you open the event, ... Basic Authentication enabled at the same time when you want to test Basic. ... Recently I created a website that uses Integrated Windows Authentication ... NOTE: frontpage server extensions gave ...
(microsoft.public.inetserver.iis.security)