Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Pros and cons for using https on a logon page?

Reply
Thread Tools

Pros and cons for using https on a logon page?

 
 
Randall Parker
Guest
Posts: n/a
 
      12-04-2005
1) What sorts of scenarios make the possibility of sniffing out a password a higher risk?

2) Do packets travel unencrypted over 802.11 wireless? Is it easy to sniff such
packets and catch a submit of a logon web page using http? Wireless strikes me as the
greatest risk.

3) Have you used http or https for Logon.aspx pages and why?

4) Anyone know if IIS on Windows Server 2003 has https built in? Easy or hard to
configure?

5) If one uses https does one have to do any different code in the CodeBehind for the
web page? Or is that all handled in the IIS configuration and Web.config?

6) How does one redirect from an https logon back to the http page the user logged in
on? Does the http part show up in the RETURNURL argument?
 
Reply With Quote
 
 
 
 
neilmcguigan@gmail.com
Guest
Posts: n/a
 
      12-04-2005
Hi Randall,

I'd recommend reading this article regarding switching betweeen HTTP
and HTTPS automatically:

http://www.codeproject.com/aspnet/We...ecurity_v2.asp

You can install the free SelfSSL as part of the IIS resource kit. Users
will get a warning that your certificate is not trusted, but the
connection will be encrypted:

http://www.microsoft.com/downloads/d...displaylang=en

RapidSSL has pretty cheap trusted SSL certificates:

http://www.rapidssl.com/ssl-certific...e-rapidssl.htm

Regarding your questions:

1. if someone can see a packet going to your server, they can see the
password if not using SSL.

2. if using encrypted wireless, then no. But the leg of the trip that
does not go over encrypted wireless will not be encrypted.

3. yes. to increase user trust, and to prevent packet sniffing

4. IIS supports SSL, but you need an SSL certificate.

5. you won't need to change any code. you can enforce SSL using IIS

6. see the first link

Cheers

Neil

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
threading and multicores, pros and cons Maric Michaud Python 24 02-20-2007 07:47 PM
What deployment setup are production Rails sites using? and pros/cons vasudevram Ruby 1 08-15-2006 05:55 PM
pros and cons using reference-counter VS reference-link Axter C++ 0 01-17-2006 02:12 AM
Question Help: Logon vs Account Logon, Local Logon vs Authentication CJH Microsoft Certification 0 01-04-2006 04:03 PM
Pros and cons "using namespace" BigMan C++ 6 04-07-2005 05:15 PM



Advertisments