Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Is it possible at all to secure an unencrypted website?

Reply
Thread Tools

Is it possible at all to secure an unencrypted website?

 
 
LenaMsdn08
Guest
Posts: n/a
 
      02-07-2009
We recently had this discussion at work - someone had suggested implementing
single sign-on by passing a random 32-byte key in the query string and match
it against a database that is used by both applications. Both sites are
written in ASP.NET 1.1

It was pointed out that passing this key in the query string was a huge
security hole; anyone who intercepted the request on the Internet could then
use the key to log in.

On the other hand, wouldn't any unencrypted (using http, not https) website
be vulnerable pretty much no matter what you do? For example, even if the
session object is server-side, isn't the cookie that stores the session ID
passed in the HTTP request, so just as well as intercepting the query string,
couldn't someone intercept the cookie and hijack the session?

(My apologies for the lack of correct terminology in this post.)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is it possible at all to secure an unencrypted website? LenaMsdn08 ASP .Net Security 6 02-13-2009 01:36 AM
Secure your digital information assets with Secure Auditor. SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:53 AM
Secure your digital information assets with Secure Auditor SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:52 AM
Retrieve unencrypted password Christian Dornes Firefox 5 03-04-2004 11:30 PM



Advertisments