How do I fix the "SSL Cookie Not Used" vulnerability?

ssssjsj3jsj 2012-03-19 05:14:23
While scanning the website for vulnerabilities, the scan reported an "SSL Cookie Not Used" error.

The suggested fix is the following sentence:
This can be fixed by setting the proper http headers (e.g. no-cache).



Below is the description of the error. Could an expert please advise how this should be done?

This policy states that any area of the website or web application that contains sensitive information or access to privileged
functionality such as remote site administration requires that all cookies are sent via SSL during an SSL session. The URL:
https://enet.11122.com:443/login.aspx has failed this policy. If a cookie is marked with the "secure" attribute, it will only
be transmitted if the communications channel with the host is a secure one. Currently this means that secure cookies will only
be sent to HTTPS (HTTP over SSL) servers. If secure is not specified, a cookie is considered safe to be sent in the clear over
unsecured channels.
jshi123 2012-03-27
Which cookie is reported as vulnerable? Try this:
Response.Cookies("xxx").Secure = True ' xxx is the name of the cookie reported as vulnerable
laokaizzz 2012-03-26
Oh, I am sorry. With this many points, you might as well just give them to me, haha.
ssssjsj3jsj 2012-03-23
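A solution can be found on that page, but it is all in English and I cannot understand it.

It says the first configuration step is
Step 1. Configure <forms protection="All" >

Is this configured in Web.config?

Where is the second configuration step done?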
Step 2. Use SHA1 for HMAC Generation and AES for Encryption
Review the <machineKey> settings to see what hashing algorithm and what encryption algorithms are used. The defaults of SHA1 and AES are recommended. Configuring as SHA1 uses the HMACSHA1 algorithm. SHA1 is preferred to MD5 hashing because it produces a larger hash size; therefore, it is considered to be more secure. AES is preferred to DES and 3DES because of its larger key sizes.

ASP.NET version 2.0 defaults to using SHA1 and AES. The following defaults are documented in the Machine.config.comments file.

<machineKey
validationKey="AutoGenerate,IsolateApps"
decryptionKey="AutoGenerate,IsolateApps"
decryption="Auto"
validation="SHA1" />
ssssjsj3jsj 2012-03-20
[Quote=Quoting laokaizzz's reply on floor 2:]
Look at this, have you found it?
http://www-01.ibm.com/support/docview.wss?uid=swg21397023
[/Quote]

I also found this page by searching on Baidu, but I did not understand it.
laokaizzz 2012-03-19
Look at this, have you found it?
http://www-01.ibm.com/support/docview.wss?uid=swg21397023
laokaizzz 2012-03-19
Just passing by, bumping the thread. What are you using to scan the website for vulnerabilities?
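
The Web.config settings that apply the "secure" attribute described in the scanner text to every cookie, rather than one cookie at a time as in jshi123's reply. This is an added example, not part of the original thread or of the page it links to; the loginUrl and timeout values are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: Web.config fragment for an ASP.NET site served over HTTPS.
     loginUrl and timeout are placeholder values (assumptions), not taken
     from the thread. -->
<configuration>
  <system.web>
    <!-- Weak form (what the scanner flags): requireSSL is left at its default
         of "false", so cookies are issued without the Secure attribute:
           <httpCookies />
           <forms loginUrl="login.aspx" protection="All" />
    -->

    <!-- requireSSL="true" makes cookies the application adds through
         Response.Cookies carry the Secure attribute by default.
         httpOnlyCookies="true" additionally hides them from client script. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />

    <authentication mode="Forms">
      <!-- The forms-authentication ticket cookie has its own switch.
           protection="All" (Step 1 quoted above) encrypts and validates the
           ticket; requireSSL="true" is what marks that cookie as Secure. -->
      <forms loginUrl="login.aspx" protection="All" requireSSL="true" timeout="30" />
    </authentication>
  </system.web>
</configuration>
```

After deployment, each Set-Cookie header returned by the HTTPS login page should include the "secure" attribute, which is the condition the scanner policy checks.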