ASP.Net我的Web服务是否足够安全? [英] ASP.Net Is my web service secure enough?

问题描述

我有一个具有几种Web方法的Web服务，每个Web方法都要求客户端计算机发送其MAC地址，然后服务器将根据此信息验证该客户端(如果无效则返回错误)，然后再继续进行操作.客户端和服务器之间的通信是HTTPS.我只有大约20个客户.问题是我做这个正确/安全的方法吗?如果没有，那么有什么简单的方法可以做到这一点?

I have a web service with several web methods, each web method requires client machine to send their MAC Address and the server will validate this client base on this information (if not valid then return error) before proceeding to further operations. The communication between client and server is HTTPS. I only have about 20 clients or so. The question is is my way of doing this right/secure or not? If not then is there any simple way to do this?

谢谢

推荐答案

这取决于您的安全要求，没有一个足够安全"的定义.正如其他人所说，MAC可以被欺骗，实际上只是一个共享的秘密/密码.但是，当HTTPS确保连接的可信度时，这对于许多情况就足够了.您需要定义要保护系统免受哪些威胁，以及愿意在安全方面进行多少投资.

It depends on your security requirements, there is no one definition of "secure enough". As others have said, the MAC can be spoofed, and is in effect just a shared secret/password. However, that is sufficient for many scenarios, when the confidentality of the connection is ensured by HTTPS. You need to define what threats you want to protect the system from, and how much you're willing to invest in security.

这篇关于ASP.Net我的Web服务是否足够安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！