RE: Web Service Security
From: [MSFT] (lukezhan_at_online.microsoft.com)
Date: 02/10/04
- Next message: AF: "Additional namespace in web service"
- Previous message: Govind Ramanathan: "Re: Async DIME call seem to drop randomly"
- In reply to: IntraRELY: "Web Service Security"
- Next in thread: IntraRELY: "Re: Web Service Security"
- Reply: IntraRELY: "Re: Web Service Security"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 10 Feb 2004 08:50:07 GMT
Hi Steve,
Thank you for using the community. From the description and the code, I
found you have consider a lot for the security. The security of .NET Web
serivce rely on IIS, for example, windows authentication, SSL and IP
restrict. We can assume IIS is safe enough to a web serivce. I saw you have
a method print_authenticate in the web service, and it will valid the the
user from database. If it is a SQL server, you may consider following ways
for security:
1. Set the Seb serivce running under special account and only this account
has permisison to build a connection to the database.
2. Use IPSec to provide secure communication between the web server and
database server.
3. Add a firewall between web server and database server.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
- Next message: AF: "Additional namespace in web service"
- Previous message: Govind Ramanathan: "Re: Async DIME call seem to drop randomly"
- In reply to: IntraRELY: "Web Service Security"
- Next in thread: IntraRELY: "Re: Web Service Security"
- Reply: IntraRELY: "Re: Web Service Security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
