p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   ASP.NET 1.0 and 1.1 Basics (http://p2p.wrox.com/forumdisplay.php?f=60)
-   -   .net security model (http://p2p.wrox.com/showthread.php?t=52492)

rahul.agarawal January 10th, 2007 02:32 AM

.net security model
hiii friends..
this z wth respect to asp.net security..as far as i know in form authentication mode we are bound to use security socket layer(SSL)since text z traferred between client and server as pure html text..
So in that case we have to use https:// instead of http://..well my doubt z that while opening gmail or yahoo mail why we r not using http:// though it uses a form authentication mode for security purpose..
         Waiting keenly for ur reply..bye-2.

peace95 January 10th, 2007 03:51 AM

You should check with the IT Security Manager of the company to establishe and understand how emails are classified. Most companies, due to the Sarbanes-Oxley Act of 2002 MUST have a Security Policy in place. Emails are usually classified as Confidential, where as some transactions are classified as Sensitive and/or Critical. Also with emails, companies can disallow attached files of different extentions as in .exe, .zip. However users get around this by using extensions .ex_ or .zi_ . Some companies will not allow files over a certain size as in 1-5Meg. To get around this, one had to call the Security Officer to get an "OK" to allow file transfer.

The major issue here is EMAILS CANNOT BE AUTHENTICATED. One cannot for sure garauntee that because this email has my unique name, for peace95@yahoo.com, was sent by me. This was shown to me as a test: a co-worker was at one pc and sent an email to another co-worker and the email looked as if it was sent by me.

As I said earlier, check with the IT Security Manager or CIO (Chief Information Officer) for the IT Security Policy in place.

Hope this helps.

All times are GMT -4. The time now is 01:55 AM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.