简体繁体中英

do i need ssl on my web application?

原文 2013-01-02 21:09:03 4 1 asp.net/ iis/ ssl

I have an application which is structured as: Web Application - WCF Service - Database

All communicate to and from the database goes through the WCF Service, the Web Application is not able to directly talk to the database. I needed to protect the data as it travels across, so i setup SSL on my local machine to test and configured it in IIS, so now the WCF Service has to be hit using HTTPS. However, I did not setup my Web Application to use HTTPS, is that ok? I thought since the WCF Service is doing all the transferring of data, it's the only one that needs HTTPS.

Thanks.

1 answers

If you're interested in encrypting your data, you need to make sure it's passed encrypted on all tiers of your application. From your description it seems that the data passed from the user to the WebApplication itself is unencrypted and therefor passed in clear text. This means that anyone that "listens" to the traffic between your users and the Web Application can intercept the data.

I recommend adding SSL on the Web Application too, to make sure that your data passes encrypted through all 3 tiers of your application.

Do I need SessionStateModule in my ASP.NET MVC3 application hosted in Azure web role?

Do I need a static TopicClient property in an Mef instantiated class to enforce the use of a single TopicClient in my web application?

Do I need an access token for my web api service?

how do i set the connection string for my web application in azure?

Shifting Web Forms web site to Web Forms/MVC web application, what gotchas (config, security) do I need to look out for?

I need a notification system in a web application

iSeries + ASP.NET web application - Do I need any special license for iSeries?

How do I know if I need “WCF HTTP Activation” in my application?

What do I need to run ASP.NET web applications on my personal machine for testing purposes?

Do i need to rebuild my solution after changing anything in web.config?

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Do I need SessionStateModule in my ASP.NET MVC3 application hosted in Azure web role? Do I need a static TopicClient property in an Mef instantiated class to enforce the use of a single TopicClient in my web application? Do I need an access token for my web api service? how do i set the connection string for my web application in azure? Shifting Web Forms web site to Web Forms/MVC web application, what gotchas (config, security) do I need to look out for? I need a notification system in a web application iSeries + ASP.NET web application - Do I need any special license for iSeries? How do I know if I need “WCF HTTP Activation” in my application? What do I need to run ASP.NET web applications on my personal machine for testing purposes? Do i need to rebuild my solution after changing anything in web.config?

Related Tags

do i need ssl on my web application?

Question

1 answers

solution1 1 ACCPTED 2013-01-02 21:20:10

solution1
1 ACCPTED 2013-01-02 21:20:10