FormsAuthentication.Encrypt and SSL

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Gawel (gawelek_at_SPAM_NO_NON_NOgazeta.pl)
Date: 07/27/04 

Date: Tue, 27 Jul 2004 11:05:45 +0200

Hajo,
in book about security in ASP.NET I read that
if I use Form authentication and need to make its
data secure then I need to use SSL for all pages, not only for
e.g. login page. It is interesting because form ticket is encrypted with
FormsAuthentication.Encrypt and it seems that there is no need
for additional ssl usage. Am I right ?

Gawel

Relevant Pages

  • [NT] Microsoft SSL Library Remote Compromise Vulnerability (MS04-011, Exploit)
    ... Get your security news from a reliable source. ... condition in the Microsoft Secure Sockets Layer (SSL) library. ... the PCT 1.0 protocol is disabled by default. ...
    (Securiteam)
  • RE: Checkpoint smart defance as IPS
    ... SSL is perceived by many as secure. ... Again, SSL is about privacy, not security. ... you don't understand why SSL is regarded secure. ... in order to intercept, ISP requires court order. ...
    (Security-Basics)
  • [fw-wiz] Help- Nat-t
    ... Security of HTTPS ... > Is there some possibility of a MITM attack? ... HTTPS relies on SSL / TLS. ...
    (Firewall-Wizards)
  • Re: SSL Overhead?
    ... encryption - this is useless if there is a backdoor wide open. ... mention the fact that SSL has security issues as well. ... SSL systems. ... Try using regular TCP to send the data. ...
    (microsoft.public.dotnet.framework.compactframework)
  • Re: [fw-wiz] The Outgoing Traffic Problem --
    ... technology known as secure sockets layer, ... technology to break into computers, and they can use the same technology ... actually hire folks with clues and/or experience to do security postureing ... No SSL Firewalls!!!!! ...
    (Firewall-Wizards)