Results 1 to 15 of 15

Thread: [RESOLVED] Do you all worry about obfuscating a password in an AJAX POSt over SSL?

Threaded View

  1. #14

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Re: Do you all worry about obfuscating a password in an AJAX POSt over SSL?

    I never said HTTPS was difficult or that it was not being used! The OP clearly states that the situation is about SSL connections (I should have said SSL/TLS to be "current" - but it's all HTTPS).

    I'm curious about obfuscating the password when you ARE USING an HTTPS connection.

    Here's a good read if you are interested in the areas that are concerning me

    https://security.stackexchange.com/q...tps-example-co

    I log SESSION_START and SESSION_END events - here's a look at the bottom of that log. These are all bot hits - the last real user to login was 2 days before this.

    Code:
    1/1/2021 2:34:14 AM: HttpContext.Current.Request.IsSecureConnection=True
    1/1/2021 2:38:01 AM: Session Start
    1/1/2021 2:38:01 AM: HttpContext.Current.Request.IsSecureConnection=True
    1/1/2021 2:40:16 AM: Session Start
    1/1/2021 2:40:16 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 2:46:29 AM: Session Start
    1/1/2021 2:46:29 AM: HttpContext.Current.Request.IsSecureConnection=True
    1/1/2021 2:54:15 AM: Session End
    1/1/2021 2:54:15 AM: Session End
    1/1/2021 2:58:15 AM: Session End
    1/1/2021 3:00:35 AM: Session End
    1/1/2021 3:06:35 AM: Session End
    1/1/2021 4:08:52 AM: Session Start
    1/1/2021 4:08:52 AM: HttpContext.Current.Request.IsSecureConnection=True
    1/1/2021 4:20:31 AM: Session Start
    1/1/2021 4:20:31 AM: HttpContext.Current.Request.IsSecureConnection=True
    1/1/2021 4:28:58 AM: Session End
    1/1/2021 4:37:27 AM: Session Start
    1/1/2021 4:37:27 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 4:40:38 AM: Session End
    1/1/2021 4:57:39 AM: Session End
    1/1/2021 4:59:38 AM: Session Start
    1/1/2021 4:59:38 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:08:35 AM: Session Start
    1/1/2021 5:08:35 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:11:57 AM: Session Start
    1/1/2021 5:11:57 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:19:40 AM: Session End
    1/1/2021 5:25:49 AM: Session Start
    1/1/2021 5:25:49 AM: HttpContext.Current.Request.IsSecureConnection=True
    1/1/2021 5:28:40 AM: Session End
    1/1/2021 5:32:00 AM: Session End
    1/1/2021 5:33:10 AM: Session Start
    1/1/2021 5:33:10 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:34:11 AM: Session Start
    1/1/2021 5:34:11 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:46:01 AM: Session End
    1/1/2021 5:48:12 AM: Session Start
    1/1/2021 5:48:12 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:49:36 AM: Session Start
    1/1/2021 5:49:36 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:49:36 AM: Session Start
    1/1/2021 5:49:36 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:50:28 AM: Session Start
    1/1/2021 5:50:28 AM: HttpContext.Current.Request.IsSecureConnection=False
    1/1/2021 5:53:21 AM: Session End
    1/1/2021 5:54:21 AM: Session End
    1/1/2021 6:08:22 AM: Session End
    1/1/2021 6:09:42 AM: Session End
    1/1/2021 6:09:42 AM: Session End
    1/1/2021 6:10:42 AM: Session End
    Last edited by szlamany; Jan 1st, 2021 at 07:32 AM.

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width