Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470190647
DotNetNuke Websites Problem Design Solution
Cover image for product 0470391847
Jumping from ASP to ASP.NET
View Code Camp Videos - Presentations by Wrox Authors
  Return to Index  

security_asp thread: Secure Cookies

Message #1 by SHUNK Dave <Dave.SHUNK@c...> on Thu, 15 Mar 2001 08:35:00 -0800
Funny how just ran into a website that shows this...

http://ntsecurity.win2000mag-asap.com/info/com.duke_ntsecure_15940_15940.htm
l?se=ink

-----Original Message-----
From: Ken Schaefer [mailto:ken@a...]
Sent: Thursday, March 15, 2001 5:44 PM
To: Security_asp
Subject: Re: Secure Cookies



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: The Netscape documentation says:
: SECURE specifies that the cookie is transmitted only if the
: communications channel with the host is a secure.
:
: Does this really work?
: Are there any known issues?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Argh - didn't we just have a huge long discussion about this? I think the MS
security bulletin that refers to the bug in IIS was posted 2 or 3
times...look in the archives - there is an issue whereby a secure cookie
could be sent over an insecure channel if the user moves from SSL to non-SSL

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: Will asp allow a you to inadvertently set a secure cookie over a non
secure
: connection?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

See above.

Cheers
ken

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy