I am creating a simple web management studio using SMO. Is it secure enough to persist/store user information (login and password for database) using ASP.NET mechanisms (e.g. FormsAuthentication, cookies, etc.)?
What will be the best practice to do this?
thanks
Yes, it is very secure, but you must consider this:
- Use requireSSL = true
- cookieless = false
- enableCrossAppRedirects=false
- httpOnlyCookies="true"
Also, for the role manager, do not cache the roles in the cookie:
<roleManager enabled="true" cacheRolesInCookie="false">
No "out of the box" system is 100% what you are looking for, and you may need to think about what other extra measures you need to take to make it even more secure.
Also, you can open the database and see what information is stored in it, to see if it meets your requirements. The password is not saved, but the salt of it, so you cannot read it, and what it saves is the email/name of your user.
Some extra references:
http://msdn.microsoft.com/en-us/library/ff650037.aspx
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
http://msdn.microsoft.com/en-us/library/ms972969.aspx
http://msdn.microsoft.com/en-us/magazine/cc163807.aspx
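
Added example, not part of the original answer: a small Python audit that checks a web.config for the five settings listed in the answer and reports any that are missing or set differently. The two sample configs are constructed, and reading the answer's "cookieless = false" as `cookieless="UseCookies"` on the `<forms>` element is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments (not from the original post).
WEAK = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Login.aspx" cookieless="AutoDetect" />
  </authentication>
  <roleManager enabled="true" cacheRolesInCookie="true" />
</system.web></configuration>"""

HARDENED = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Login.aspx" requireSSL="true" cookieless="UseCookies"
           enableCrossAppRedirects="false" />
  </authentication>
  <httpCookies httpOnlyCookies="true" requireSSL="true" />
  <roleManager enabled="true" cacheRolesInCookie="false" />
</system.web></configuration>"""

# (element path under <system.web>, attribute, accepted lower-case values)
# Assumption: "cookieless = false" in the answer means UseCookies on <forms>.
CHECKS = [
    ("authentication/forms", "requireSSL", {"true"}),
    ("authentication/forms", "cookieless", {"usecookies"}),
    ("authentication/forms", "enableCrossAppRedirects", {"false"}),
    ("httpCookies", "httpOnlyCookies", {"true"}),
    ("roleManager", "cacheRolesInCookie", {"false"}),
]

def audit(config_xml):
    """Return 'path@attribute' for every listed setting that is missing or weak."""
    web = ET.fromstring(config_xml).find("system.web")
    findings = []
    for path, attr, accepted in CHECKS:
        node = web.find(path) if web is not None else None
        value = node.get(attr) if node is not None else None
        # A missing attribute is reported as well, so that each setting
        # is stated explicitly in the file instead of relying on a default.
        if value is None or value.strip().lower() not in accepted:
            findings.append(f"{path}@{attr}")
    return findings

if __name__ == "__main__":
    for name, xml in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(xml) or "OK")
```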