SanjayP
Dec 04, 2014 Nacreous
help on iRule
Client PC connects using existing https link and is directed to our authentication module, this in turn authenticates the user, creates a token for that user session in our application DB and sends a...
Hmmm, that shouldn't be possible if you are using HTTPS. As it's in the URL and not compressed, you are also NOT vulnerable to CRIME or BEAST, which is good.
If you did encrypt or mask it, this wouldn't help as the MITM could just sniff that and use that instead. Likewise, if you put it in a cookie and encrypted that, the encrypted cookie could just be replayed.
In this instance you are probably better off ensuring your TLS configuration is highly secure.