/dev/null wrote: Yes, you must enable and configure the session state protection and also be careful when choosing AJAX for data validations and stuff like that.
Yes, I did consider using VPD controls on the table. I think my main concern was trying to ensure that the data was as safe as possible should the site be compromised by an attack. Obviously I will be coding to prevent SQL injection attacks and the like, but with it being outward facing I'd like a fallback in case something does happen.
Does anyone have any other best practices for outward facing apps? Things like always using session state protection, enforcing password lockout on failed attempts, etc.?