Talk:.NET Security Cheat Sheet

Jump to: navigation, search

This is a work in progress. Comments welcome. Bill Sempf 01:02, 15 February 2013 (UTC)

As this goes into public beta, please add examples and samples. Much of this guidance is just a stub. Please fill things out as you have the availability! Remember, anyone with an account can attribute. If you want to be more anonymous, please email me and I'll make adjustments. Bill Sempf 02:53, 5 April 2013 (UTC)

In the Encryption section of the page, there's a bullet that mentions that SHA512 is the strongest hashing algorithm in the framework. While this is certainly true for some uses of hashing (not password hashing, which I've added another bullet to cover) would it be useful to add more detail to what you might want to use SHA-512 for? --Xandersherry (talk) 16:03, 19 November 2014 (CST)

This: Disable slidingExpiration and Forms Authentication Ticket timeout. doesn't make any sense. What is the rational behind this bullet? Can we figure out what the guidance is supposed to be, so it can be expressed more coherently? --Xandersherry (talk) 19:35, 19 November 2014 (CST)

I've updated the form auth timeout guidance to be closer to what Jim originally put in the cheat sheet and which I think is better advice for most use cases, but I've strengthened it a bit to reflect that it can be a area of concern and shouldn't be overlooked. If it isn't clear, or there's disagreement around this position, I'd be happy to discuss it further. --Xandersherry (talk) 14:35, 20 November 2014 (CST)