How to secure my WCF service without changing the client?


Problem description


Hello,

I have created one WCF service with basicHttpBinding, and I have used this service in more than 10 projects.
Due to open metadata (<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>), my service got hacked and somebody tried to access my service, so all my service metadata was stolen. Right now I have disabled metadata access, but they can still access my service and steal my data. How may I secure my service without affecting all my other projects (without changing the clients)? I don't want to give all other projects' builds.

I have an option to change all the methods' names, but I need to change them in all referenced projects, and that is a very difficult task.

Please advise.

Thanks in advance.

What I have tried:

I have an option to change all the methods' names, but I need to change them in all referenced projects, and that is a very difficult task.

Recommended answer

On the general level this request is generated, it is perfectly reduced to the following:


But I was thinking of a plan
To dye one's whiskers green,
And always use so large a fan
That it could not be seen.

Lewis Carroll, The White Knight's Song





The idea to "change name" makes no sense at all. At best, this is what's called security through obscurity.

As to "a very difficult task", sorry, this is nonsense: Visual Studio changes names across a whole solution in no time through its refactoring engine. However, if you have to support already deployed client units, you have to support the old name. Then changing the name (not introducing a new name) is not "a difficult task", it's just not a solution. But this is not a solution anyway.

All you need is to follow some simple logic: if you want to trust one client with some data, you provide it. I have no idea why you consider your service "hacked". If someone downloaded a lot of your data, this is what it is; it happens because you allow it. I cannot see any signs of "hacking", unless you provide some convincing evidence.

What to do? The answer is pretty simple: it's fully defined by the required functionality of your service. You have to expose what is needed for this functionality, and nothing else. All talk of "security" is simply irrelevant.

A separate decision is: you either use user authentication or not. If you do, the users having access to the system have to register; other users have no access to anything sensitive.

—SA
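
The answer's two points (expose nothing beyond what is needed, and require registered users to authenticate) could look like this in the service's web.config. This is an added example, not configuration from the original post; the service, contract and validator type names are hypothetical, and clients have to send credentials over HTTPS for it to work.

```xml
<!-- Added example. MyCompany.DataService, MyCompany.IDataService and
     MyCompany.RegisteredUserValidator are hypothetical names. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="secureBasic">
        <!-- HTTPS for the transport; user name and password travel in the SOAP message -->
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="MyCompany.DataService" behaviorConfiguration="locked">
      <!-- Expose only the contract the clients actually need -->
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="secureBasic"
                contract="MyCompany.IDataService" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="locked">
        <!-- Before (from the question): httpGetEnabled="true" httpsGetEnabled="true" -->
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
        <!-- Do not leak exception details to callers -->
        <serviceDebug includeExceptionDetailInFaults="false" />
        <serviceCredentials>
          <!-- Hypothetical validator class deriving from
               System.IdentityModel.Selectors.UserNamePasswordValidator;
               it accepts registered users only -->
          <userNameAuthentication
              userNamePasswordValidationMode="Custom"
              customUserNamePasswordValidatorType="MyCompany.RegisteredUserValidator, MyCompany.Service" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```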

