Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Using custom Digest authentication
Message
De
11/09/2012 09:06:24
Michel Fournier
Level Extreme Inc.
Petit-Rocher, Nouveau-Brunswick, Canada
 
 
À
11/09/2012 07:50:03
Viv Phillips
Hay-On-Wye, Royaume Uni
Information générale
Forum:
Internet
Catégorie:
Sécurité
Titre:
Re: Using custom Digest authentication
Divers
Thread ID:
01552652
Message ID:
01552710
Vues:
30
>Not required - but less secure without ?

Yes, if you want to add that layer, it will be more secure. Note that this will mathematically be a little bit slower but not something visible to the user. But, the cookie will travel transparently over that layer as well. So, it doesn't change anything but to configure the IIS port and so might be the firewall.

>Don't you have to authenticate before issuing the cookie IAC ?

Yes, exactly, that is the first step. Once authenticated, you generate a cookie in the response. Then, it will live, at minimum, during the session (that implies for as long as the browser remains opened). You can also set the cookie for a duration date, thus passing it an expiration date, which will make it sits somewhere on the PC browser configuration related files. Note that this applies if the browser does not block the cookies. Which is a real ... during these days. See this links about some documentation about issues I have to rely the users to from time to time:

http://www.levelextreme.com/ViewPageGenericCookieVerification.aspx
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
Précédent
Répondre
Fil
Voir

Click here to load this message in the networking platform