Which Web site feature should you configure?

You have a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed. The
server contains a Web site. You need to ensure that the cookies sent from the Web site are
encrypted on users’ computers. Which Web site feature should you configure?

You have a Windows Server 2008 R2 server that has the Web Server (IIS) server role installed. The
server contains a Web site. You need to ensure that the cookies sent from the Web site are
encrypted on users’ computers. Which Web site feature should you configure?

A.
Authorization Rules

B.
Machine Key

C.
Pages And Controls

D.
SSL Settings

Explanation:

To encrypt the cookies sent from the website on the users’ computer, you need to use machine key.
Encrypting cookies is important to prevent tampering. A hacker can easily view a cookie and alter it.
So to protect the cookie, machine key is used in ASP .NET 2.0. Encryption is based on a hash plus the
actual data encrypted, so that if you try to change the data, it’s pretty difficult. ASP.NET’s ViewState
uses the Machinekey config file section to configure the keys and such… this is important when the
application is going to be run on a web farm, where load balancing webservers may be in no affinity
mode.
Reference: http://www.codeproject.com/KB/web-security/HttpCookieEncryption.aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *