RE: adding ssl to asp.net website

2011-04-13 Thread Anthony
ssl to asp.net website On Wed, Apr 13, 2011 at 10:36 PM, Richard Carde wrote: I think you disregarded the part about 'falling back'. If you've committed to securing the login process via SSL then you've used that IP address already. Yes, there's overhead. Yes, you

Re: adding ssl to asp.net website

2011-04-13 Thread David Connors
On Wed, Apr 13, 2011 at 10:36 PM, Richard Carde wrote: > I think you disregarded the part about 'falling back'. If you've committed > to securing the login process via SSL then you've used that IP address > already. Yes, there's overhead. Yes, you might need more than 1 IP - but > only if you

Re: adding ssl to asp.net website

2011-04-13 Thread Richard Carde
On Tue, Apr 12, 2011 at 9:44 AM, Ken Schaefer wrote: > > > > > *From:* ozdotnet-boun...@ozdotnet.com [mailto: > ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Richard Carde > *Sent:* Tuesday, 12 April 2011 2:46 PM > > > On Sun, Apr 10, 2011 at 12:55 PM, Anthony wrote: > > Thanks David...i have in

Re: adding ssl to asp.net website

2011-04-12 Thread David Connors
On Tue, Apr 12, 2011 at 7:34 PM, Ken Schaefer wrote: > Previous poster says they don’t understand the rationale – I just pointed > out two reasons. With everything in security, it’s about balancing cost vs. > risks mitigated. > I might have agreed with you a few years ago - I think in today's a

RE: adding ssl to asp.net website

2011-04-12 Thread Ken Schaefer
From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of David Connors Sent: Tuesday, 12 April 2011 5:12 PM To: ozDotNet Subject: Re: adding ssl to asp.net website On Tue, Apr 12, 2011 at 6:44 PM, Ken Schaefer <mailto:k...@adopenstatic.com> wrote: I don't

Re: adding ssl to asp.net website

2011-04-12 Thread David Connors
On Tue, Apr 12, 2011 at 6:44 PM, Ken Schaefer wrote: > I don't understand the rationale for falling back to non-https mode. > IMO, it's bad practice and increases risk to the user - see OWASP Top Ten > 2010 risks > A3, A6 and A9.

RE: adding ssl to asp.net website

2011-04-12 Thread Ken Schaefer
From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Richard Carde Sent: Tuesday, 12 April 2011 2:46 PM To: ozDotNet Subject: Re: adding ssl to asp.net website On Sun, Apr 10, 2011 at 12:55 PM, Anthony <mailto:asale...@tpg.com.au> wrote: Thanks Dav

Re: adding ssl to asp.net website

2011-04-11 Thread Richard Carde
On Sun, Apr 10, 2011 at 12:55 PM, Anthony wrote: > Thanks David...I have installed ssl cert etc...most ecommerce systems only > use ssl for login and checkout..so was looking for technique to do this... > > > > I don't understand the rationale for falling back to non-https mode. IMO, it's bad pr

Re: adding ssl to asp.net website

2011-04-10 Thread David Connors
On Sun, Apr 10, 2011 at 9:55 PM, Anthony wrote: > Thanks David...I have installed ssl cert etc...most ecommerce systems only > use ssl for login and checkout..so was looking for technique to do this... > If that's the case, they'd probably be vulnerable to man-in-the-middle attacks by taking the

RE: adding ssl to asp.net website

2011-04-10 Thread Anthony
-running-a-partial-ssl-website-in-asp-net.aspx From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of David Connors Sent: Sunday, 10 April 2011 5:13 PM To: ozDotNet Subject: Re: adding ssl to asp.net website On Sun, Apr 10, 2011 at 2:55 PM, Anthony wrote

Re: adding ssl to asp.net website

2011-04-10 Thread David Connors
On Sun, Apr 10, 2011 at 2:55 PM, Anthony wrote: > Anyone have any experience creating a mixed mode ssl site. I.e. I want to > only enforce ssl for specific pages..any standard methodology to use? I > don’t want to hard code the links but provide some sort of configuration for > flexibility. >

adding ssl to asp.net website

2011-04-09 Thread Anthony
Anyone have any experience creating a mixed mode ssl site. I.e. I want to only enforce ssl for specific pages..any standard methodology to use? I don't want to hard code the links but provide some sort of configuration for flexibility. regards Anthony (*12QWERNB*)