
How secure is the ASP.NET Membership framework?

What is the ASP.NET Membership framework's reputation as far as security goes? Are there any typical default configuration settings that are problematic? What best practices are there? Are there any built-in methods to combat things like session hijacking?

In regard to best practices, there is a short wiki called ASP.NET 2.0 Security Inspection Questions that lists security considerations when using a membership provider. It may be of some use?

Omar Al Zabir blogged on some updates he made to the stored procedures that were needed for a high user site implementation. His suggestion is basically to use either

WITH (NOLOCK)

or

SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED

before the SELECT queries in the membership stored procedures.

Optimize asp net membership stored procedures for greater speed and scalability

I'm not sure if this is a problem for the ASP.NET Membership bits per se, but don't forget to ensure that there is a secret generated on the server and authenticated on POST so you can be sure that the form post came from your app.

There may be other (better) ways to do this; I'm just sharing what I know.
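The server-generated secret checked on POST that the last answer describes, shown here as an added example (not code from the original post or from ASP.NET itself). The `FormToken` class, the `__FormToken` key, and the dictionary standing in for the server-side session store are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example: per-session anti-forgery token. The dictionary stands in for
// the server-side session store (HttpSessionState in a real ASP.NET app).
public static class FormToken
{
    private const string SessionKey = "__FormToken"; // hypothetical key name

    // Generate a 256-bit random secret, keep it server-side, and return the
    // value to embed in a hidden form field.
    public static string Issue(IDictionary<string, object> session)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        var token = Convert.ToBase64String(bytes);
        session[SessionKey] = token;
        return token;
    }

    // Call on every state-changing POST before doing any work.
    public static bool Validate(IDictionary<string, object> session, string posted)
    {
        object stored;
        if (string.IsNullOrEmpty(posted) ||
            !session.TryGetValue(SessionKey, out stored) ||
            !(stored is string))
        {
            return false; // no token issued for this session, or none posted
        }
        return FixedTimeEquals((string)stored, posted);
    }

    // Compare without exiting early on the first mismatching character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }
}
```

ASP.NET also ships built-in equivalents: `Page.ViewStateUserKey` for Web Forms, and `Html.AntiForgeryToken()` with `[ValidateAntiForgeryToken]` for MVC.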
