Problem description
While checking the website for vulnerabilities, the scan reported an "SSL Cookie Not Used" error. The suggested fix is this sentence: "This can be fixed by setting the proper http headers (e.g. no-cache)." A description of the error follows below. Could an expert please point out what needs to be done here?

This policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that all cookies are sent via SSL during an SSL session. The URL: https://enet.11122.com:443/login.aspx has failed this policy. If a cookie is marked with the "secure" attribute, it will only be transmitted if the communications channel with the host is a secure one. Currently this means that secure cookies will only be sent to HTTPS (HTTP over SSL) servers. If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.
Solutions
Solution 2:
Just passing by, bumping this for you. What are you using to scan the website for vulnerabilities?
Solution 3:
Look at this, have you found it? http://www-01.ibm.com/support/docview.wss?uid=swg21397023
Solution 4:
Quoting laokaizzz's reply on floor 2:
Look at this, have you found it? http://www-01.ibm.com/support/docview.wss?uid=swg21397023
I also found this page through a Baidu search, but I didn't understand it.
Solution 5:
This reply was deleted by the moderator on 2012-03-20 13:39:57
Solution 6:
A solution can be found at that page, but it is all in English and I can't understand it. It says the first configuration step is:
Step 1. Configure <forms protection="All">
Is this configured in Web.config? And where is the second configuration step done?
Step 2. Use SHA1 for HMAC Generation and AES for Encryption
Review the <machineKey> settings to see what hashing algorithm and what encryption algorithms are used. The defaults of SHA1 and AES are recommended. Configuring as SHA1 uses the HMACSHA1 algorithm. SHA1 is preferred to MD5 hashing because it produces a larger hash size; therefore, it is considered to be more secure. AES is preferred to DES and 3DES because of its larger key sizes. ASP.NET version 2.0 defaults to using SHA1 and AES. The following defaults are documented in the Machine.config.comments file.
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" decryption="Auto" validation="SHA1"/>
Solution 7:
Oh, I am sorry. With so many points on offer, you might as well just give them to me, haha.
Solution 8:
Which cookie is reported as vulnerable? Try this:
Response.Cookies("xxx").Secure = True ' xxx is the name of the cookie reported as vulnerable
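A Web.config sketch of the settings discussed in the replies above, added here as an example and not taken from the original thread or the linked article. It shows where the quoted Step 1 and Step 2 settings live and how to have ASP.NET mark cookies Secure site-wide instead of one cookie at a time; the loginUrl is taken from the URL in the scan report and the timeout value is an assumption.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Weak (framework default): cookies are issued without the Secure
         attribute and may be sent in the clear over plain HTTP:
         <httpCookies requireSSL="false" /> -->
    <!-- Corrected: cookies created by ASP.NET default to Secure;
         httpOnlyCookies also hides them from client-side script. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />

    <authentication mode="Forms">
      <!-- Step 1 from the quoted text: protection="All" encrypts and
           validates the forms-authentication ticket.
           requireSSL="true" marks the authentication cookie Secure.
           timeout="20" is an assumed value for illustration. -->
      <forms loginUrl="login.aspx" protection="All"
             requireSSL="true" timeout="20" />
    </authentication>

    <!-- Step 2 from the quoted text: the documented defaults,
         written out explicitly. -->
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                decryption="Auto" validation="SHA1" />
  </system.web>
</configuration>
```

With requireSSL enabled the browser only returns these cookies over HTTPS, so the login page and every authenticated page must be served over HTTPS. Code that explicitly sets Secure to False on a cookie still overrides the configured default.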