WCF，DataPower集成-是否需要安全绑定? [英] WCF, DataPower integration - secure binding necessary?

问题描述

我一直在使用基本的HTTP绑定开发WCF服务.它已与DataPower集成在一起.我想通过启用安全绑定来遵循最佳实践.这有必要吗?

I have been developing a WCF service using basic HTTP binding. This has been integrated with DataPower. I want to follow best practice by enabling secure binding. Is this necessary?

请参阅

DataPower旨在减轻WCF服务的安全性.

DataPower is designed to off-load the security for the WCF services.

谢谢.

推荐答案

只有您的安全架构师才能真正告诉您您的案例是否需要它.请记住，使用基本HTTP时，通过网络发送的任何内容都是不安全的.在企业内部，也许这不是问题.但是任何嗅探流量的人都可以拦截您的消息并轻松获取其中的数据.

Only your security architects can really tell you if it is needed for your case. Remember, whatever you are sending over the wire is unsecured when using basic HTTP. Within the enterprise, maybe, that isn't a problem. But anyone that was sniffing the trafic could intercept your messages and easily get to the data within.

在Tellago，我们已经为客户使用定制的联合安全性(几乎与Geneva aka WIF相同)完成了WCF-数据电源集成.但是，很有可能，如果您询问是否需要安全性，则可能未使用联邦安全性.

At Tellago, we have done WCF-Data Power integration using a custom federated security (almost identical to Geneva aka WIF) for our clients. But, odds are, if you are asking if you need security, you probably are not using federated security.

这篇关于WCF，DataPower集成-是否需要安全绑定?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！