WCF security flaw

Question

WCF security flaw

In the 2nd edition of "Programming WCF Services" by Lowy, ch 10, p. 512.

Lowy said about transport security: its main drawback is that it can only guarantee a transfer security point, that is, when the client connects directly to the service. The presence of several intermediaries between the client and the service makes transport security doubtful, since these intermediaries may be unsafe. Consequently, transport security is typically used only by intranet applications.

HTTPS is one of the transport security settings. How does the previous paragraph apply to HTTPS? !!, HTTPS encrypts all things from start to finish. In addition, every e-commerce application in the world uses HTTPS, as you can limit it to applications within the network!

thank

+5

security https wcf

Costa Sep 22 '10 at 8:51

source share

1 answer

Allon Guralnek · Accepted Answer · 2010-09-22T11:03:31+0000

HTTPS encrypts data from a point-to-point connection, and as soon as the data reaches one of the points and is decrypted, a security guarantee is not provided from this security point. However, the intermediate nodes cannot read the information.

, , , , . , .

. (, HTTPS), . , , (, ), .

, , , ( ), , , . , , , , , .

, , , : , ( , ) , , , , , ( ).

WCF security flaw

More articles: