是交通运输安全在互联网上WCF服务不好的做法？ [英] Is Transport security a bad practice for the WCF service over the Internet?

问题描述

我已经在互联网上访问的WCF服务。它wsHttpBinding绑定以及消息安全模式下的用户名凭据验证客户端。
MSDN的说，我们应该使用邮件安全的上网方案，因为它提供终端到终端的安全，而不是点至点的安全作为交通运输安全了。

I have a WCF service accessible over the Internet. It has wsHttpBinding binding and message security mode with username credentials to authenticate clients. The msdn says that we should use message security for the Internet scenarios, because it provides end-to-end security instead of point-to-point security as Transport security has.

如果我使用传输安全通过互联网WCF服务？它是一个不好的做法？ ？难道我的数据受到恶意用户可以看到

What if i use transport security for the wcf service over the Internet? Is it a bad practice? Could my data be seen by malicious users?

推荐答案

没有，这将是一个很好的做法 - 麻烦是：你不能保证在当你处理与互联网连接的中间跃任意数量的安全连接的完整链条。

No, it would be a good practice - trouble is: you cannot guarantee a complete chain of secure connections over an arbitrary number of intermediate hops when you're dealing with an internet connection.

所有你可以用运输安全保障是从客户端的链接以第一跳，从最后一跳到服务器的链接 - 任何之间是无法控制的。所以基本上，运输安全在互联网上是行不通的 - 除非你有一个严格控制的环境中，你知道在客户端非常直接连接到你的服务器

All you can guarantee with transport security is the link from your client to the first hop, and the link from the last hop to your server - anything in between is beyond your control. So basically, transport security over the internet is not going to work - unless you have a strictly controlled environment where you know the client connects very directly to your servers.

由于这些技术的限制，传输安全才真正工作在企业/ LAN环境。只要你有路由和中介啤酒花没有控制权，你需要使用的信息安全终端到终端的安全。

Due to those technical limitations, transport security only really works in corporate / LAN environments. As soon as you have no control over the routing and the intermediary hops, you need to use message security for an end-to-end security.

这篇关于是交通运输安全在互联网上WCF服务不好的做法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！