WCF NetTcpBinding的 - 是传输加密足够了吗？ [英] WCF netTCPBinding - Is transport encryption enough?

问题描述

我已经得到了它可以处理一些敏感的数据的WCF服务。我想确保我一直从数据被暴露，所以我期待在NetTcpBinding的...主要是因为我可以控制它在整个运行网络的性能是高优先级。

I've got a WCF service which handles some sensitive data. I'd like to make sure I keep that data from being exposed and so I'm looking at netTCPBinding... primarily because I can control the network it runs across and performance is a high priority.

我认识到，存在可以被加密两个领域：传输级和消息级别。我打算使用证书在传输层，我的理解使用TLS通过TCP加密。

I recognize that there are two areas that can be encrypted: transport level and message level. I intend to use certificates to encrypt at the transport level, which I understand uses TLS over TCP.

主叫客户端也是我，所以我控制了传输层。因为我预计在传输层没有变化，我需要操心消息级别​​的加密？它似乎没有必要，除非我想改变运输的灵活性。

The calling clients are also mine and so I control the transport level. Since I anticipate no change in the transport layer, do I need to bother with message level encryption? It seems unnecessary unless I want the flexibility of changing the transport.

推荐答案

当你不控制中介的消息级加密是必要的。中介服务需要能够修改肥皂头和可以窥视你的敏感数据的恶意目的。但是，如果你控制了从最初的发送者到最终接收者，那么你就在这个水平需要加密。

The message-level encryption is needed when you do not control an intermediary. Intermediary services need to be able to modify the soap headers and could peek at your sensitive data for malicious purposes. But if you control everything from initial sender to ultimate receiver, then you do not need encryption at that level.

我的工作，使用netTCP内部服务的项目，我可以证实它工作得很好。

I work on a project that uses netTCP for internal services, and I can confirm it works well.

这篇关于WCF NetTcpBinding的 - 是传输加密足够了吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！