保安和运输安全
[英]ws-security and transport security
问题描述
I can not understand the following: WS-Security and https are presented as alternatives. 
我无法理解以下内容:WS-Security和https是替代方法。
The problem though with https (as described) is when there intermediaries ie proxies are between client and server. https的问题(如上所述)是在客户端和服务器之间存在中介(即代理)时。
Then we can work arround and guarrantee point-to-point security eg between proxy and server but not end to end. 然后,我们可以在代理和服务器之间(但不是端对端)进行点对点的安全性和保证。
So we can have: 所以我们可以有:
Client <--(secure)--> Proxy <--(secure)-->Server
But this is not equal to 但这不等于
Client <--(secure)--> Server
So why is not the end-to-end guaranteed? 那么为什么不能保证端到端呢? Could someone please give a specific example? 有人可以举一个具体的例子吗?
Also if in my network I do not have any proxies does this mean that https is ok? 另外,如果在我的网络中我没有任何代理,这是否意味着https可以?
And vice versa if I have proxies I MUST use WS-Security instead? 反之亦然,如果我有代理服务器,我必须改用WS-Security?
Thank you 谢谢
1 个解决方案
解决方案1
3 已采纳 2011-01-03 18:05:35
Your understanding is not exactly correct. 您的理解并不完全正确。 With HTTPS your communication is secure between client and server. 使用HTTPS,客户端和服务器之间的通信是安全的。 Proxy doesn't know anything about the communication except one thing - the host you are communicating to. 代理对通信一无所知,只有一件事-与之通信的主机。 This is achieved by using HTTPS proxy (HTTP Connect command, see RFC 2616 for details). 通过使用HTTPS代理(HTTP Connect命令,有关详细信息,请参阅RFC 2616)来实现。 So there's no problem with HTTPS (I don't know where you've found the opposite). 因此,HTTPS没问题(我不知道您在哪里找到相反的东西)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.