I'm creating a site where client login to our intranet/extranet with user and password and the site displays their data.
My question is should I make the Whole Site SSL or just the login page ?
Using IIS 5.x, Win2K
I'm creating a site where client login to our intranet/extranet with user and password and the site displays their data.
My question is should I make the Whole Site SSL or just the login page ?
Using IIS 5.x, Win2K
depends on the level of security needed and how hard it is to make the entire site SSL. If it's not much extra work, I would go ahead and do it. Can't hurt to add extra secuity.
EntropySink. You know you have to click it.
SSL for the entire site seems to be a waste, you don't need to ENCRYPT an entire html page, just the sensitive data.
Just do the forms.
If you want secure connection - setup a VPN (Virtual Private Network) connection to your intranet/extranet.
My Avatar says: "Stay in School"
Rocco is the Boy!
"SHUT YOUR LIPS..."
Nothings ever secure, it just depends how close to secure-as-possible that you want to be
I've been testing something:
In IIS there's the default web site and the Administration web site.
I made a new one called 'New' on port 13 (same as my default web page)
but how do I browse to that ?
http://localhost:13 -----> my default web site
These don't surf there:
http://localhost:13/New
http://New:13
http://New.localhost:13
setup Host Headers - a host header is like www.yoursite.com or it might be without the www also.
Under host headers you can redirect to the proper site at the proper non-standard port number.
My Avatar says: "Stay in School"
Rocco is the Boy!
"SHUT YOUR LIPS..."