More security Questions
#1
I have a few more questions that I need to look at for soc2.

1. What type of session hijacking/cloning detection does IW have?

How do the servercontroller->securityoptions work?

CheckFormId
CheckSameIP
CheckSameUA

And what does the program do if you uncheck ShowSecurityErrorDetails?

Do these errors get logged somewhere?
Reply
#2
ShowSecurityErrorDetails IIRC shows the details to the end user when violations occur.

CheckFormId - Forms have a "transaction ID" and this causes it to be checked each time.

CheckSameIP - Checks to make sure the user always uses the same IP and that the session does not get hijacked by URL. Some improper proxies, usually mobile networks, change IPs midstream though, so sometimes this can be an issue with this option.

CheckSameUA - Same as IP check, but checks the user agent (browser) to stop moving from one browser to another mid-session.
Reply
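
An added sketch, not part of the thread and not IntraWeb's code, of how checks like the three described above can be enforced and logged server-side. The class names, the form-ID rotation after each accepted request, and the log format are assumptions made for illustration.

```python
import hmac
import logging
import secrets
from dataclasses import dataclass, field

log = logging.getLogger("session.security")

@dataclass
class Session:
    sid: str
    ip: str            # address seen when the session was created
    user_agent: str    # User-Agent seen when the session was created
    form_id: str = field(default_factory=lambda: secrets.token_hex(8))

@dataclass
class Options:         # hypothetical mirror of the three options named in the thread
    check_form_id: bool = True
    check_same_ip: bool = True
    check_same_ua: bool = True

def check_request(s, opts, ip, user_agent, form_id):
    """Return the names of the violated checks; an empty list means accepted."""
    violations = []
    if opts.check_same_ip and ip != s.ip:
        violations.append("CheckSameIP")
    if opts.check_same_ua and user_agent != s.user_agent:
        violations.append("CheckSameUA")
    if opts.check_form_id and not hmac.compare_digest(form_id, s.form_id):
        violations.append("CheckFormId")
    if violations:
        # Record the violation server-side whatever the end user is shown;
        # only a session ID prefix is logged, since the full ID is a credential.
        log.warning("session %s... rejected: %s (ip=%s)",
                    s.sid[:8], ",".join(violations), ip)
    else:
        s.form_id = secrets.token_hex(8)  # assumption: rotate ID per accepted form
    return violations

def demo():
    """Constructed requests: a normal post, a cloned session, a mobile IP change."""
    s = Session(secrets.token_hex(16), "203.0.113.10", "Browser/1.0")
    first_id = s.form_id
    ok = check_request(s, Options(), "203.0.113.10", "Browser/1.0", first_id)
    # Session URL copied to another machine: new IP, new browser, stale form ID.
    cloned = check_request(s, Options(), "198.51.100.7", "Other/2.0", first_id)
    # Carrier proxy changes the IP mid-session; the IP check is switched off.
    roaming = check_request(s, Options(check_same_ip=False),
                            "198.51.100.7", "Browser/1.0", s.form_id)
    return ok, cloned, roaming
```
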