Forum Discussion
spalande
Nacreous
Nacreoushelp on iRule
Client PC connects using existing https lin and is directed to our authentication module , this in turn authenticates the user, creates a token for that user session in our application DB and sends a...
What_Lies_Bene1
Cirrostratus
CirrostratusHmmm, that shouldn't be possible if you are using HTTPS. As its in the URL and not compressed you are also NOT vulnerable to CRIME or BEAST which is good.
If you did encrypt or mask it, this wouldn't help as the MITM could just sniff that and use that instead. Likewise, if you put it in a cookie and encrypted that, the encrypted cookie could just be replayed.
In this instance you are probably better off ensuring your TLS configuration is highly secure.
