[英]Is Windows Authentication (NTLM) on Windows Server 2008 R2 secure for Sharepoint 2010?
Is it generally considered secure to use Windows NTLM Authentication for Sharepoint 2010 on a Windows 2008 R2 server?在 Windows 2008 R2 服务器上使用 Sharepoint 2010 的 Windows NTLM 身份验证通常被认为是安全的吗?
This Sharepoint install WILL BE exposed to the Internet.此 Sharepoint 安装将暴露在 Internet 上。
Is NTLM in 2008 R2 sent as clear text, or some otherwise easily defeat-able encryption? 2008 R2 中的 NTLM 是以明文形式发送的,还是以其他容易破解的加密形式发送的?
I want to be sure we aren't making ourselves vulnerable by this authentication method.我想确保我们不会因为这种身份验证方法而使自己容易受到攻击。
My gut says forms authentication with SSL would be best.我的直觉说,使用 SSL 进行 forms 身份验证是最好的。
Comments?注释?
Your gut is leading you in the right direction.你的直觉引导你朝着正确的方向前进。 NTLMv2 can be vulnerable to an attack known as a forwarding attack where an interloper could set up a proxy between your client and server and hijack an authenticated session.
NTLMv2 可能容易受到称为转发攻击的攻击,其中入侵者可以在您的客户端和服务器之间设置代理并劫持经过身份验证的 session。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.