• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Cookie Settings question

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> Cookie Settings question Page: [1]
Login
Message << Older Topic   Newer Topic >>
Cookie Settings question - 8.Jun.2009 2:30:02 PM   
eastmarw

 

Posts: 50
Joined: 11.Sep.2008
Status: offline
We are testing sharepoint in our lab for a site that will be coming online in the near future.  We have forms based login and the developer is taking the Userid & Password from the ISA login form and encrypting it to pass this information to some backend web servers that authenticate against eDirectory.  In order for the cookie to get encrypted it appears that the only way to do this is to "Use Persistent Cookies".  We have tried never use persistant cookies but would alwasy get a java script error until we told it ot use persistant cookie.

Unfortunatly we have to have eDirectory in the mix because the users of this particular web portal are not in our AD domain, and with the licensing issues we would incurr if we were to add them to the domain it is cost prohibitive.  eDirectory is still the driving force for the backbone of the firm.

It appears that the use of Persistant cookies and sharepoint for accessing content/applications outside of sharepoint is the only way around it.  Is there a way around using persistant cookies?  If not what are the security ramifications we might encounter.

Thanks for the info.

_____________________________

Dream On Alice, This Ain't Wonderland
Post #: 1
RE: Cookie Settings question - 8.Jun.2009 4:06:37 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
I believe SharePoint was one of the major publishing scenarios that persistent cookies were designed for...

Perstistent cookies are required for the Office integration features of SharePoint as applications outside of the browser (like Office apps) need some way to consume a "system cookie" that exists outside of the browser security context.

More info here:

http://forums.isaserver.org/searchpro.aspx?phrase=persistent+cookies&author=jason+jones&forumid=ALL&topicreply=both&message=body&timeframe=%3E&timefilter=0&language=single&top=300&criteria=AND&submitbutton=+OK+

Using Secure Logoff, low timeout values and "only on private computers" can all help mitigate the risks, but it is always a compromise between security and functionality.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to eastmarw)
Post #: 2
RE: Cookie Settings question - 9.Jun.2009 4:05:30 PM   
eastmarw

 

Posts: 50
Joined: 11.Sep.2008
Status: offline
Thanks Jason!



_____________________________

Dream On Alice, This Ain't Wonderland

(in reply to Jason Jones)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> Cookie Settings question Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts