Re: Web services & SSL
- From: "Josh Twist" <josh.twist@xxxxxxxxx>
- Date: 13 Jun 2006 13:26:51 -0700
SSL is still an excellent way of securing your transmissions even
though you're not using a 'browser'. You're still using HTTPS so the
client (your proxy) will act in the same way as your browser and
encrypt the message as required.
There are other tools you could use to secure transmissions such as
WSE3, but SSL is great because it's tried and tested and takes place at
a higher level of abstraction- therefore you don't have to change
anything in your code to use it.
(Without wanting to cloud the issue, you might want to look at WCF
(windows communication foundation) for hosting your web service, which
takes this whole idea of protocol abstaction to whole new level with
its ABCs (Address, Binding, Contract) of web services.
Josh
http://www.thejoyofcode.com/
cn2006a wrote:
Hi, I am new to web services and have to write one end of a B2B
application, ie my app will talk to a remote app and vice versa. The
developer of the other end is suggesting we use SSL for security.
I'm still trying to understand the security options, and I'm slightly
confused about using SSL. My understanding is that when using HTTPS,
decryption happens in the browser rather than within IIS. Since I will
not be using a browser to talk to the other end, where does the
decryption take place? Do I call a library routine to do this? Or
should I look at securing this app some other way, eg something within
WSE?
Thanks,
ChrisN
.
- Follow-Ups:
- Re: Web services & SSL
- From: Simon Hart
- Re: Web services & SSL
- References:
- Web services & SSL
- From: cn2006a
- Web services & SSL
- Prev by Date: Re: Proxy generation fails
- Next by Date: Re: Calling Web Services Dynamically
- Previous by thread: Web services & SSL
- Next by thread: Re: Web services & SSL
- Index(es):
Relevant Pages
|
