Data Protection - how to manage expired key?(转载)
问
According to ASP.NET Key Management:
Deleting a key is truly destructive behavior, and consequently the data protection system exposes no first-class API for performing this operation.
Is the expired key still being used to unprotect data previously protected by that key even that key is expired?
Are the expired key kept forever even it might not have any more data protected by it?
Is it a bad practice to delete the key even it is not needed to unprotect any data?
I think currently we need it for the cookie authentication only. The worse case of deleting the key is the user may need to relogon.
What else from ASP.NET Core need the data protection by default?
答
Is the expired key still being used to unprotect data previously protected by that key even that key is expired?
Yes.
Are the expired key kept forever even it might not have any more data protected by it?
Yes, because we have no way of knowing how you used it, or whether any data still exists.
Is it a bad practice to delete the key even it is not needed to unprotect any data?
Probably not, but you as the developer can use data protection for your own data. We can't know whether you did or not.
What else from ASP.NET Core need the data protection by default?
Parts of OAuth login flow, session and temp data. But those are really short lived.
最新文章
- 第6章 Java类中的方法
- Linux操作系统学习笔记
- Metro中控件WebView访问外部的网页显示一片空白
- 从gitlab下载好cocoapods中遇到的问题
- android学习—— LayoutInflater的使用
- Light OJ 1033 - Generating Palindromes(区间DP)
- Effective Java2读书笔记-类和接口(一)
- apache添加fastcgi支持
- oracle_SQL中ROWID与ROWNUM的使用(转)
- IronPython .NET Integration官方文档翻译笔记
- ps命令注意事项
- IIS下自定义错误页面配置的两种方式(亲测可行)--IIS服务器
- numpy/pandas时间互相转换
- 深入浅出:5G和HTTP
- CSS| 框模型-定位及相關屬性
- .NET MVC ToList() 转Json
- $_cookie的使用
- 如何用GDI+画个验证码
- 配置Android-Annotation (github20大开源:http://www.eoeandroid.com/thread-278980-1-1.html)
- [UOJ181]密码锁