FormsAuthentication: Is it secure?

前端未结

关注

 3  440

旧时难觅i 2021-02-01 18:28

Using FormsAuthentication build into asp.net it\'s very quick and easy to create a login system that creates a cookie for authenticated users:<

3条回答

梦毁少年i (楼主)

2021-02-01 18:52
If you set the DisplayRememberMe property to false the cookie will not be persisted on the client machine. It will then just be stored in memory.

If you use HTTPS/SSL it will be protected on the way to the client machine.

There are then only theoretical possibilities left:
- Break the SSL encryption
- Steal the cookie from the memory of the client machine
Followed by breaking the encryption on the cookie.

There are probably some easier ways to attack your system.

http://msdn.microsoft.com/en-us/library/ms998310.aspx
0 讨论(0)

查看其它3个回答
发布评论:

提交评论
- 加载中...