As are result of security penetration test the following changes applied:
All authentication related cookies tagged as httpOnly web.config: enabledVersionHeader=false autocomplete disabled Login url injection redirection fixed session hijacking implemented Dont forget to apply ssl to your website with https and to set the requireSSL="false" to true
This commit is contained in:
parent
6794315198
commit
38592df9e6
8 changed files with 397 additions and 121 deletions
|
@ -157,6 +157,7 @@
|
|||
<Compile Include="Code\ContentPane.cs" />
|
||||
<Compile Include="Code\Controls\DesktopContextValidator.cs" />
|
||||
<Compile Include="Code\PortalUtils.cs" />
|
||||
<Compile Include="Code\SecureSessionModule.cs" />
|
||||
<Compile Include="Code\WebPortalControlBase.cs">
|
||||
<SubType>ASPXCodeBehind</SubType>
|
||||
</Compile>
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue