This is cache of http://pluralsight.com/blogs/keith/archive/2007/11/29/49322.aspx. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Quick and dirty Information Card implementation without SSL
2007-11-29 09:49:00 by Keith Brown in Security Briefs
 

In .NET 3.5, CardSpace supports sending security tokens to websites that don't have an SSL certificate. This is for websites like personal blogs or other low-risk applications where using SSL might be overkill. In this example, Kim shows how to add support for Information Cards to a website in about 30 lines of code.

Let’s face it.  Getting a certificate, setting up a dedicated external IP address, and configuring your web server to use https is non-trivial for the average person.  Nor does it make much sense to require certificates for personal web sites with no actual monetary or hacker value.  I would even say that without proper security analysis, vetting of software and rigorous operating procedures, SSL isn’t even likey to offer much protection against common attacks.  We need to evolve our whole digital framework towards better security practices, not just mandate certificates and think we’re done.

 
Tags: ssl, personal web sites, proper security analysis, digital framework, low-risk applications, security tokens, personal blogs, actual monetary, web server
 
 
 
 
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia