Do you force SSL on sensitive methods like “Login” or “Register”?
8/03/2013 5:23 AM by
Any sensitive data sent over the wire must be protected by a secure transport such as HTTPS. MVC (version 2, Preview 2 or higher) lets you specify that HTTPS is required for an action. It’s important to secure the GET method as well as the POST method, so that the form itself is served over HTTPS and people don’t send sensitive form data over the wire unprotected.
public ActionResult Register()
- Figure: Bad Example – The Register method isn’t secure
[RequireHttps]
public ActionResult Login()
- Figure: Good Example – The Login method is protected by HTTPS
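One way to check this rule across a whole project, as an added example that is not part of the original rule: a reflection audit that lists sensitive actions with no `[RequireHttps]` on the method or its controller. `AccountController`, `HttpsAudit`, `FindUnprotected` and the list of sensitive names are assumptions made for the illustration; the controller is constructed so that the GET `Register` action is unprotected, as in the bad example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Constructed sample controller (hypothetical): Login is protected on both
// GET and POST; the GET Register action is left unprotected on purpose.
public class AccountController : Controller
{
    [RequireHttps]
    public ActionResult Login() { return View(); }

    [HttpPost, RequireHttps]
    public ActionResult Login(FormCollection form) { return RedirectToAction("Index", "Home"); }

    public ActionResult Register() { return View(); }

    [HttpPost, RequireHttps]
    public ActionResult Register(FormCollection form) { return RedirectToAction("Index", "Home"); }
}

public static class HttpsAudit
{
    // Assumed list of sensitive action names; extend it for your application.
    static readonly string[] Sensitive = { "Login", "Register" };

    // Returns "Controller.Action(parameter types)" for every sensitive action
    // that has no [RequireHttps] on the method or on its controller class.
    // Actions renamed with [ActionName] are matched by method name only.
    public static List<string> FindUnprotected(Assembly assembly)
    {
        return assembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .Where(t => !t.IsDefined(typeof(RequireHttpsAttribute), true))
            .SelectMany(t => t.GetMethods(
                BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly))
            .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true))
            .Where(m => Sensitive.Contains(m.Name, StringComparer.OrdinalIgnoreCase))
            .Where(m => !m.IsDefined(typeof(RequireHttpsAttribute), true))
            .Select(m => m.DeclaringType.Name + "." + m.Name + "(" + string.Join(", ",
                m.GetParameters().Select(p => p.ParameterType.Name).ToArray()) + ")")
            .ToList();
    }
}
```

Call `HttpsAudit.FindUnprotected(typeof(AccountController).Assembly)` from a unit test and fail the build when the list is not empty, so a new sensitive action cannot ship without the attribute.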