mcafee scan comes with Encrypted SSL cookie error | ansaurus

tags:

views:

48

answers:

1

Q:

mcafee scan comes with Encrypted SSL cookie error

I have this as a vulnerability issue in McAfee scan for my website (ASP.NET with VB.Net, IIS7, SQL Server 2008)-

Missing Secure Attribute in an Encrypted Session (SSL) Cookie.

What do i have to do to get rid of this vulnerability? please advice

A:

its a level 1 alert, you would have to use a check in your application to determine if the request is https, and then set secure=true in the cookie.

Alternatively, you could assess if allowing this is inline with your company's policy and accept it in mcafee's panel.

Brett Cave 2010-04-21 12:38:16

related questions

Subsonic Vs NHibernate

How to check For File Lock in C# ?

Is nAnt still supported and suitable for .net 3.5/VS2008?

Limit size of Queue<T> in .NET?

Viewstate invalid when using Safari

Free OCR library

Unhandled Exception Handler in .NET 1.1

Localising date format descriptors

Get a new object instance from a Type in C#

VFP .NET OLEdb provider does not work in Win 64-Bits. Help

.NET Testing Framework Advice

Embedded Database for .net that can run off a network

Automatically update version number

Homegrown consumption of web services

How do you migrate a large app from VB6 to VB .net ?

.NET Migrations Engine

Adding Scripting functionality to .NET applications

SQLite and XSD

Floating Point Number parsing: Is there a Catch All algorithm?

How do I programmatically create a PDF in my .NET application?

How do I sync the SVN revision number with my ASP.NET web site?

XSD DataSets and ignoring foreign keys

Anatomy of a "Memory Leak"

Reliable Timer in a Console Application

How do I calculate relative time?