Asp.net-使用SSL防止Cookie重播攻击 [英] Asp.net - Using SSL to prevent cookie replay attack

问题描述

我希望将SSL放在适当的位置，以防止在我们的网站上发生cookie重播攻击.

I'm looking to put SSL into place to prevent cookie replay attacks on our site.

该站点正在使用.NET表单身份验证.我是否仅需要为登录页面启用SSL还是表单身份验证后面的每个页面都需要安全?

The site is using .NET forms authentication. Do I just need to enable SSL for the login page or would it be every page behind the forms authentication that needs to be secure?

谢谢

推荐答案

您需要为每个页面启用SSL，并指示浏览器发送身份验证票证cookie.默认情况下，这意味着您网站上的每个页面，尽管在将cookie写入浏览器时，您可以指示其仅通过HTTPS发送它或将其限制为某些路径.

You would need to enable SSL for every page where the browser is instructed to send the authentication ticket cookie. By default, that would mean every page on your website, although when writing the cookie to the browser you can instruct it to only send it over HTTPS or to limit it to certain paths.

但是一般来说，这意味着SSL不仅保护您的登录页面，而且还保护您网站上的每个页面.

But in general it would mean SSL protecting every page on your site, not just your sign in page.

这篇关于Asp.net-使用SSL防止Cookie重播攻击的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！