tailieunhanh - Expert Service-Oriented Architecture in C# 2005 phần 6

ứng dụng web, nhưng đó chỉ là đỉnh của tảng băng trôi khi nói đến một thực hiện bảo mật mạnh mẽ. Có một vài bất lợi của việc đảm bảo thông tin liên lạc ở cấp độ giao thông vận tải và nó sẽ không luôn luôn là lựa chọn tốt nhất cho các nhu cầu cụ thể của bạn. | 112 CHAPTER 6 SECURE WEB SERVICES WITH WS-SECURITY web application but that is only the tip of the iceberg when it comes to a robust security implementation. There are several disadvantages of securing communication at the transport level and it will not always be the best option for your particular needs. Note Transport level security is the term used when data protection is provided by securing the communication channel itself. The most common example is the HTTPS channel that secures connections between browsers and web servers. HTTPS is based on the SSL protocol. Existing security technologies such as SSL have limitations. We will address this particular topic in this chapter because it will help you understand why the WSE toolkit plays such an important role in the development of a secure Web service. These limitations are in the following areas Point-to-point security SSL does not allow your message to go through intermediaries that might need to read the message or parts of the message and then forward it to a third-party entity. Wire protection Messages are only protected while they are on the wire. If the message reaches its destination and it gets stored it will be saved as plain text. This means that the message could be accessible to unauthorized users if the application is not properly configured to guarantee the message confidentiality. Transport level encryption You can t encrypt only a fragment of a message when you use transport level encryption. This is limiting because there are some cases where not all the information in the message needs to be protected and you could reduce some of the encryption decryption overhead by encrypting only the message elements that are confidential. The WSE toolkit provides a solution for each one of these restrictions. Let s take a closer look at WSE to see how it can be used to build a secure Web service based on the needs of your deployment scenario. Implement WS-Security Using the WSE Toolkit One of the

crossorigin="anonymous">
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.