performance - Where should you enable SSL? -

-

my last couple of projects have involved websites sell product/service , require 'checkout' process in users put in credit card information , such. got ssl certificates security of plus giving peace of mind customers. am, however, little clueless subtleties of it, , importantly parts of website should 'use' certificate.

for example, i've been websites moment hit homepage put in https - banking sites - , there websites put in https when checking out. overkill make entire website run through https if doesn't deal on level of banking? should make checkout page https? performance hit on going out?

i go "ssl go woe".

if user never enters credit card number, sure, no ssl.

but there's inherent possible security leak cookie replay.

  1. user visits site , gets assigned cookie.
  2. user browses site , adds data cart ( using cookie )
  3. user proceeds payment page using cookie.

right here there problem, if have handle payment negotiation yourself.

you have transmit information non-secure domain secure domain, , again, no guarantees of protection.

if dumb share same cookie unsecure secure, may find browsers ( rightly ) drop cookie ( safari ) sake of security, because if sniffs cookie in open, can forge , use in secure mode to, degrading wonderful ssl security 0, , if card details ever temporarily stored in session, have dangerous leak waiting happen.

if can't software not prone these weaknesses, suggest ssl start, initial cookie transmitted in secure.


Comments

Post a Comment

Popular posts from this blog

c++ - How do I get a multi line tooltip in MFC -

-
right now, have tool tip pops when hover on edit box. problem tool tip contains multiple error messages , in 1 long line. need have each error message on own line. error messages contained in cstring new line seperating them. my existing code below. bool ontooltiptext(uint, nmhdr* pnmhdr, lresult* presult) { assert(pnmhdr->code == ttn_needtexta || pnmhdr->code == ttn_needtextw); // need handle both ansi , unicode versions of message tooltiptexta* pttta = (tooltiptexta*)pnmhdr; tooltiptextw* ptttw = (tooltiptextw*)pnmhdr; // tchar szfulltext[256]; cstring strtiptext=_t(""); uint nid = pnmhdr->idfrom; if (pnmhdr->code == ttn_needtexta && (pttta->uflags & ttf_idishwnd) || pnmhdr->code == ttn_needtextw && (ptttw->uflags & ttf_idishwnd)) { // idfrom hwnd of tool nid = ::getdlgctrlid((hwnd)nid); } //m_errprojaccel[ch] contains 1 or more error messages each...
Read more

asp.net - In javascript how to find the height and width -

-
i having .aspx , masterpage page. in masterpage loading aspx page . in aspx page design using generating table structure using code-behind server in javascript how find height , width . regards, kumar if you're looking table height , width, should it var tbl = document.getelementbyid('tbldemo'); alert(tbl.offsetwidth + '\n' + tbl.offsetheight);
Read more

c# - DataTable to EnumerableRowCollection -

-
i have datatable according client requirement can contain invalid date "00/00/1999",null,empty string.(typed datset) when collect them enumerables wish convert of invalid forms empty string. (i.e) enumerablerowcollection<datarow> query = order in _table.asenumerable() select new { orderdate= string.isnullorempty(convert.tostring(order.field<datetime>("orderdate")) || (how check date invalid date) ? string.empty : order.field<datetime>("orderdate") } how check whether date valid date or not? datetime.tryparse...like given current code: datetime date; enumerablerowcollection<datarow> query = order in _table.asenumerable() select new { orderdate= string.isnullorempty(convert.tostring(order.field<datetime>("orderdate")) || !datetime.tryparse(convert.tostring(order.field<datetime...
Read more