Pros and cons for using https on a logon page?

Discussion in 'ASP .Net' started by Randall Parker, Dec 4, 2005.

  1. 1) What sorts of scenarios make the possibility of sniffing out a password a higher risk?

    2) Do packets travel unencrypted over 802.11 wireless? Is it easy to sniff such
    packets and catch a submit of a logon web page using http? Wireless strikes me as the
    greatest risk.

    3) Have you used http or https for Logon.aspx pages and why?

    4) Anyone know if IIS on Windows Server 2003 has https built in? Easy or hard to
    configure?

    5) If one uses https does one have to do any different code in the CodeBehind for the
    web page? Or is that all handled in the IIS configuration and Web.config?

    6) How does one redirect from an https logon back to the http page the user logged in
    on? Does the http part show up in the RETURNURL argument?
    Randall Parker, Dec 4, 2005
    #1

  2. Randall Parker

    Guest

    Hi Randall,

    I'd recommend reading this article regarding switching between HTTP
    and HTTPS automatically:

    http://www.codeproject.com/aspnet/WebPageSecurity_v2.asp

    You can install the free SelfSSL as part of the IIS resource kit. Users
    will get a warning that your certificate is not trusted, but the
    connection will be encrypted:

    http://www.microsoft.com/downloads/...ee-a71a-4c73-b628-ade629c89499&displaylang=en

    RapidSSL has pretty cheap trusted SSL certificates:

    http://www.rapidssl.com/ssl-certificate-products/rapidssl/ssl-certificate-rapidssl.htm

    Regarding your questions:

    1. if someone can see a packet going to your server, they can see the
    password if not using SSL.

    2. if using encrypted wireless, then no. But the leg of the trip that
    does not go over encrypted wireless will not be encrypted.

    3. yes. to increase user trust, and to prevent packet sniffing

    4. IIS supports SSL, but you need an SSL certificate.

    5. you won't need to change any code. you can enforce SSL using IIS

    6. see the first link

    Cheers

    Neil
    , Dec 4, 2005
    #2
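
Added example for question 6 (not code from the thread or from the linked article): one way to send the user back to an HTTP page after an HTTPS logon. It assumes ReturnUrl carries only an application-relative path such as /Members/Default.aspx, so the scheme and host are supplied by the server; the class name, method names and sample values are hypothetical.

```csharp
using System;

// Added example: choose the redirect target after an HTTPS logon.
// LogonRedirect, ResolveLocalPath and BuildTarget are hypothetical names.
public static class LogonRedirect
{
    // Accept only a local, rooted path from the ReturnUrl query value.
    // Absolute URLs, scheme-relative "//host" values, backslashes and
    // control characters all fall back to defaultPath.
    public static string ResolveLocalPath(string returnUrl, string defaultPath)
    {
        if (string.IsNullOrEmpty(returnUrl)) return defaultPath;
        if (returnUrl[0] != '/') return defaultPath;
        if (returnUrl.Length > 1 && returnUrl[1] == '/') return defaultPath;
        foreach (char c in returnUrl)
        {
            if (char.IsControl(c) || c == '\\') return defaultPath;
        }
        return returnUrl;
    }

    // Build the absolute URL. The host comes from server configuration,
    // never from the request, so ReturnUrl cannot name another site.
    public static string BuildTarget(string scheme, string configuredHost,
                                     string returnUrl, string defaultPath)
    {
        if (scheme != "http" && scheme != "https")
            throw new ArgumentException("scheme must be http or https");
        return scheme + "://" + configuredHost
               + ResolveLocalPath(returnUrl, defaultPath);
    }

    public static void Main()
    {
        // Constructed sample ReturnUrl values.
        string[] samples = {
            "/Members/Default.aspx?id=7",   // kept as-is
            "http://other.example/",        // rejected: absolute URL
            "//other.example/x",            // rejected: scheme-relative
            null                            // missing: default page
        };
        foreach (string s in samples)
            Console.WriteLine(
                BuildTarget("http", "www.example.com", s, "/Default.aspx"));
    }
}
```

If the site drops back to HTTP after logon, the authentication cookie is sent unencrypted on those pages, so the sniffing exposure discussed in the thread then applies to the session rather than the password.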

  3. Randall Parker

    nimd4

    Very, very old thread, eye know!.. However, here are some mo' (affordable) SSL certificates: Comodo, GeoTrust, etc.

    Code:
    https://www.namecheap.com/security/ssl-certificates.aspx
    :)
    nimd4, May 17, 2014
    #3