|
-
Jan 1st, 2021, 07:02 AM
#14
Re: Do you all worry about obfuscating a password in an AJAX POSt over SSL?
I never said HTTPS was difficult or that it was not being used! The OP clearly states that the situation is about SSL connections (I should have said SSL/TLS to be "current" - but it's all HTTPS).
I'm curious about obfuscating the password when you ARE USING an HTTPS connection.
Here's a good read if you are interested in the areas that are concerning me
https://security.stackexchange.com/q...tps-example-co
I log SESSION_START and SESSION_END events - here's a look at the bottom of that log. These are all bot hits - the last real user to login was 2 days before this.
Code:
1/1/2021 2:34:14 AM: HttpContext.Current.Request.IsSecureConnection=True
1/1/2021 2:38:01 AM: Session Start
1/1/2021 2:38:01 AM: HttpContext.Current.Request.IsSecureConnection=True
1/1/2021 2:40:16 AM: Session Start
1/1/2021 2:40:16 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 2:46:29 AM: Session Start
1/1/2021 2:46:29 AM: HttpContext.Current.Request.IsSecureConnection=True
1/1/2021 2:54:15 AM: Session End
1/1/2021 2:54:15 AM: Session End
1/1/2021 2:58:15 AM: Session End
1/1/2021 3:00:35 AM: Session End
1/1/2021 3:06:35 AM: Session End
1/1/2021 4:08:52 AM: Session Start
1/1/2021 4:08:52 AM: HttpContext.Current.Request.IsSecureConnection=True
1/1/2021 4:20:31 AM: Session Start
1/1/2021 4:20:31 AM: HttpContext.Current.Request.IsSecureConnection=True
1/1/2021 4:28:58 AM: Session End
1/1/2021 4:37:27 AM: Session Start
1/1/2021 4:37:27 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 4:40:38 AM: Session End
1/1/2021 4:57:39 AM: Session End
1/1/2021 4:59:38 AM: Session Start
1/1/2021 4:59:38 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:08:35 AM: Session Start
1/1/2021 5:08:35 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:11:57 AM: Session Start
1/1/2021 5:11:57 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:19:40 AM: Session End
1/1/2021 5:25:49 AM: Session Start
1/1/2021 5:25:49 AM: HttpContext.Current.Request.IsSecureConnection=True
1/1/2021 5:28:40 AM: Session End
1/1/2021 5:32:00 AM: Session End
1/1/2021 5:33:10 AM: Session Start
1/1/2021 5:33:10 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:34:11 AM: Session Start
1/1/2021 5:34:11 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:46:01 AM: Session End
1/1/2021 5:48:12 AM: Session Start
1/1/2021 5:48:12 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:49:36 AM: Session Start
1/1/2021 5:49:36 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:49:36 AM: Session Start
1/1/2021 5:49:36 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:50:28 AM: Session Start
1/1/2021 5:50:28 AM: HttpContext.Current.Request.IsSecureConnection=False
1/1/2021 5:53:21 AM: Session End
1/1/2021 5:54:21 AM: Session End
1/1/2021 6:08:22 AM: Session End
1/1/2021 6:09:42 AM: Session End
1/1/2021 6:09:42 AM: Session End
1/1/2021 6:10:42 AM: Session End
Last edited by szlamany; Jan 1st, 2021 at 07:32 AM.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|