|
Subject:
|
.net security model
|
|
Posted By:
|
rahul.agarawal
|
Post Date:
|
1/10/2007 2:01:51 AM
|
hiii friends..
this z wth respect to asp.net security..as far as i know in form authentication mode we are bound to use security socket layer(SSL)since text z traferred between client and server as pure html text..
So in that case we have to use https:// instead of http://..well my doubt z that while opening gmail or yahoo mail why we r not using http:// though it uses a form authentication mode for security purpose..
Waiting keenly for ur reply..bye-2.
|
|
Reply By:
|
dparsons
|
Reply Date:
|
1/10/2007 11:36:18 PM
|
First about the Forms Authentication. Yes unless you have setup SSL on your server and people can access your site through HTTPS, all of the Forms Authentication is passed as clear text =[ Setting up SSL isn't that hard but it does cost a little bit of money. (Security Cert and such) but once that is in place you can safely pass data back and forth over HTTPS.
I can't speak about Yahoo because I do not use their web mail but GMail I do use and the reason that you are always connected via an HTTPS site is:
Their Incoming (POP) and Outgoing (SMTP) servers require an SSL connection as to secure the inbound and out bound traffic of their mail server. Think about it: if your logged into gmail void of that SSL connection all of the mail you are reading is being passed back and forth clear text so anyone, really, could be reading your email. Over an SSL connection there is some protection so not every Script Kiddie known to man is reading your email.
Think of it sort of like the PGP Mail Client. (If your not familiar Google for it.)
-------------------------
I will only tell you how to do it, not do it for you.
Unless, of course, you want to hire me to do work for you.
^^Thats my signature
|
