SanjayP
Dec 04, 2014
help on iRule
Client PC connects using the existing https link and is directed to our authentication module, which in turn authenticates the user, creates a token for that user session in our application DB and sends another redirect URL with a token back to the client PC. The client PC uses this https redirect URL with the token, and this in turn triggers our Infocenter application, which allows login and invalidates the token.
Now the issue is that the token, which is part of the GET method in the URL, could be prone to a sniffing / MITM attack and hence used by someone else to log in.
Can an iRule be written so that, when F5 sends the response to the client, the token gets encrypted or hidden in the URL?