-
Securing a website
I read this article -> Available here and now I'm interested to know what methods other people use for securing their websites.
Basically I'm using Forms Authentication and using all forms of protection I can including setting cookie protection to All and using SSL for any pages that require the transmission of username/password.
There is another function built into ASP.NET that only allows the authentication cookie only to be accessible over a secure connection which at present I'm not using as it would mean the entire site would need to be SSL protected due to personalisation I have in place. I have menus etc. that are tailored to users which obviously need to access the authentication details. How should I tackle this?
Any advice or experiences would be appreciated.
DJ