7 Web Site Security
Setting up SSL on your web server prevents any interception of information sent to and from the MyID web site.
You must review the following security considerations for the MyID web site:
- SSL/TLS on the MyID web site
- MyID server-to-server web services
- Firewall
- Secure session cookie
- Click jacking
- Remove details of the IIS server from the HTTP headers
Some of the suggestions in this section apply to more than MyID web site. There is a choice between applying these to the individual MyID web sites or to the "Default Web Site". If there no web sites other than those belonging to MyID, you are recommended to apply the changes to the "Default Web Site". Otherwise the IIS administrator is recommended to make an informed choice based on the requirements of the other web sites that share a server with MyID.