Guest
Hello,
I am developing a website in ASP.NET 2.0 with a Login control as the
starting page. I have already implemented Membership for the Login control. Now I
want to know:
1. How do I implement unique session IDs for every login, so as to prevent
session replay attacks?
2. How do I encrypt the password so that it travels from the client, i.e. the browser,
to the server in salted-hashed format? As the Login control is a server control,
how do I implement encryption on the client side? Even if I implement SSL, the
password can still be seen in clear text through intercepting proxies such as
PAROS, BURP etc. Please help.
Thank you