堆栈内存溢出
  简体   繁体   English

我的Web应用程序上需要SSL吗?

[英]do i need ssl on my web application?

 原文  2013-01-02 21:09:03       asp.net/ iis/ ssl

问题描述

I have an application which is structured as: Web Application - WCF Service - Database 我有一个结构如下的应用程序:Web应用程序-WCF服务-数据库

All communicate to and from the database goes through the WCF Service, the Web Application is not able to directly talk to the database. 与数据库之间的所有通信都通过WCF服务进行,Web应用程序无法直接与数据库通信。 I needed to protect the data as it travels across, so i setup SSL on my local machine to test and configured it in IIS, so now the WCF Service has to be hit using HTTPS. 我需要保护数据在传输过程中的安全,因此我在本地计算机上设置SSL以在IIS中测试和配置数据,因此现在必须使用HTTPS命中WCF服务。 However, I did not setup my Web Application to use HTTPS, is that ok? 但是,我没有将Web应用程序设置为使用HTTPS,可以吗? I thought since the WCF Service is doing all the transferring of data, it's the only one that needs HTTPS. 我以为,由于WCF服务正在执行所有数据传输,因此这是唯一需要HTTPS的服务。

Thanks. 谢谢。

1 个解决方案

解决方案1
 1 已采纳  2013-01-02 21:20:10

If you're interested in encrypting your data, you need to make sure it's passed encrypted on all tiers of your application. 如果您希望对数据进行加密,则需要确保已在应用程序的所有层上对数据进行加密传递。 From your description it seems that the data passed from the user to the WebApplication itself is unencrypted and therefor passed in clear text. 从您的描述看来,从用户传递到WebApplication本身的数据是未加密的,因此以明文形式传递。 This means that anyone that "listens" to the traffic between your users and the Web Application can intercept the data. 这意味着“侦听”用户与Web应用程序之间的流量的任何人都可以拦截数据。

I recommend adding SSL on the Web Application too, to make sure that your data passes encrypted through all 3 tiers of your application. 我建议也在Web应用程序上添加SSL,以确保您的数据通过应用程序的所有3层进行加密。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Azure Web角色中托管的ASP.NET MVC3应用程序中是否需要SessionStateModule? - Do I need SessionStateModule in my ASP.NET MVC3 application hosted in Azure web role? 我需要在Mef实例化类中使用静态TopicClient属性来强制在Web应用程序中使用单个TopicClient吗? - Do I need a static TopicClient property in an Mef instantiated class to enforce the use of a single TopicClient in my web application? 我的web api服务需要访问令牌吗? - Do I need an access token for my web api service? 如何在azure中为我的Web应用程序设置连接字符串? - how do i set the connection string for my web application in azure? 将Web Forms网站转换为Web Forms / MVC Web应用程序,我需要注意哪些陷阱(配置,安全性)? - Shifting Web Forms web site to Web Forms/MVC web application, what gotchas (config, security) do I need to look out for? 我需要一个Web应用程序中的通知系统 - I need a notification system in a web application iSeries + ASP.NET Web应用程序-iSeries是否需要任何特殊许可证? - iSeries + ASP.NET web application - Do I need any special license for iSeries? 我怎么知道我的应用程序中是否需要“WCF HTTP激活”? - How do I know if I need “WCF HTTP Activation” in my application? 我需要在个人计算机上运行ASP.NET Web应用程序进行测试吗? - What do I need to run ASP.NET web applications on my personal machine for testing purposes? 更改web.config中的任何内容后是否需要重建解决方案? - Do i need to rebuild my solution after changing anything in web.config?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM