[英]do i need ssl on my web application?
I have an application which is structured as: Web Application - WCF Service - Database 我有一个结构如下的应用程序:Web应用程序-WCF服务-数据库
All communicate to and from the database goes through the WCF Service, the Web Application is not able to directly talk to the database. 与数据库之间的所有通信都通过WCF服务进行,Web应用程序无法直接与数据库通信。 I needed to protect the data as it travels across, so i setup SSL on my local machine to test and configured it in IIS, so now the WCF Service has to be hit using HTTPS.
我需要保护数据在传输过程中的安全,因此我在本地计算机上设置SSL以在IIS中测试和配置数据,因此现在必须使用HTTPS命中WCF服务。 However, I did not setup my Web Application to use HTTPS, is that ok?
但是,我没有将Web应用程序设置为使用HTTPS,可以吗? I thought since the WCF Service is doing all the transferring of data, it's the only one that needs HTTPS.
我以为,由于WCF服务正在执行所有数据传输,因此这是唯一需要HTTPS的服务。
Thanks. 谢谢。
If you're interested in encrypting your data, you need to make sure it's passed encrypted on all tiers of your application. 如果您希望对数据进行加密,则需要确保已在应用程序的所有层上对数据进行加密传递。 From your description it seems that the data passed from the user to the WebApplication itself is unencrypted and therefor passed in clear text.
从您的描述看来,从用户传递到WebApplication本身的数据是未加密的,因此以明文形式传递。 This means that anyone that "listens" to the traffic between your users and the Web Application can intercept the data.
这意味着“侦听”用户与Web应用程序之间的流量的任何人都可以拦截数据。
I recommend adding SSL on the Web Application too, to make sure that your data passes encrypted through all 3 tiers of your application. 我建议也在Web应用程序上添加SSL,以确保您的数据通过应用程序的所有3层进行加密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.