SSL How-TO

Dominick Baier [DevelopMentor]

Hello dl,

I guess you are using FormsAuth - so authentication is based on a cookie.
This cookie has to be transmitted to every page that requires authentication.

This would mean that you secure the login page, but all remaining pages will
receive the cookie in clear text. If someone can steal/sniff that cookie
he can hijack the authenticated user's identity.

Or in short - No.
 
Guest

I thought the content of the authentication cookie is an encrypted session
ticket, with no username / password information, isn't it?
 
Joe Kaplan (MVP - ADSI)

Yes, but if they sniff the cookie they can still replay it and assume your
identity on the website. You generally want to be careful about passing
around forms auth cookies on an unencrypted channel.

Joe K.
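
The point both replies make, shown as an added example that is not part of the original posts: an ASP.NET web.config that marks the forms authentication cookie Secure, so the browser never sends the ticket over plain HTTP where it could be sniffed and replayed. The loginUrl and timeout values are assumptions.

```xml
<!-- Added example, not from the thread. loginUrl and timeout are assumed values. -->
<configuration>
  <system.web>
    <!--
      Weak variant, as discussed in the thread: only the login page is on SSL
      and the ticket cookie is issued without the Secure attribute, so every
      later plain-HTTP request carries it in clear text.

      <authentication mode="Forms">
        <forms loginUrl="~/Login.aspx" requireSSL="false" />
      </authentication>
    -->

    <!-- Corrected: the ticket cookie is only ever sent over HTTPS. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             requireSSL="true"
             slidingExpiration="false"
             timeout="20" />
    </authentication>

    <!-- Apply Secure and HttpOnly to the other cookies the application issues. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
</configuration>
```

With requireSSL="true" the browser withholds the cookie on HTTP requests, so every page that requires authentication has to be served over HTTPS, not just the login page.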
 
