I'm working on an existing C# .NET 4.5 application. It has a component that downloads data from a mainframe (I don't have details on what kind) using a TcpClient
with NetworkStream
Read
and Write
commands. The developer that originally wrote the code has left the company and the audit area is now questioning the security of how these mainframe datasets are being downloaded. The original developer's naming conventions seem to indicate that FTP was being used, but reading the documentation on TcpClient
and NetworkStream
, there is no mention of the protocols that are used to actually transfer the data.
My networking experience is very limited, but my understanding is that the TcpClient
just provides the network connection and then some sort of application protocol (such as FTP) needs to run on the TCP connection to actually move the data.
So my question is, what protocol does NetworkStream.Read
use and is it secure? If it's not secure, what is a good alternative?
NetworkStream has no inherent security... you can see whatever it is reading with any network packet viewer.
Caveat: if the data you are streaming is encrypted before you send it then you could reasonably claim it's "secure"...
By itself, System.Net.Sockets.NetworkStream
does not have any inherent security. You can visualize this by forming up a connection and capturing the traffic with Wireshark .
If you need to secure your data, have a look at SslStream
or NegotiateStream
to see if they fit your needs for custom client/server applications.
Alternately, depending on your application, you may be able to serve your data sets over HTTPS. If you just need to protect the integrity of the data sets and not the confidentiality, you could also add digital signatures to data sets and check those signatures after they are received.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.