Avoiding data theft
- From: egyptegypt@xxxxxxxxx
- Date: 6 Jul 2006 12:48:41 -0700
I'm pretty new to web security so I'm hoping someone can clarify something for me.

Basically, I'm wondering how to avoid the following scenario:

1. Windows application calls web service with user-specific data and a unique ID identifying the user's account on the server.
2. Malicious user eavesdrops on that call and copies the user-specific data.
3. Malicious user replaces the user's ID with his own unique ID and sends that along with the intercepted user data and has thereby stolen the user's info.

I've fully encrypted all data being passed back and forth using WSE and I'm sure this is accounted for somehow; I'd just like to understand how. Is this where the certificate comes into play?

Thanks in advance.
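
The scenario in steps 1-3, as an added illustration that is not part of the original post and does not use WSE's API: a server that trusts the ID field beside an encrypted blob, next to one that requires the ID to be covered by an integrity tag under that account's key. Account names, keys and function names are constructed, and the HMAC-based keystream is only a stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

# Constructed per-account secrets shared between each client and the server.
KEYS = {"alice": b"A" * 32, "mallory": b"M" * 32}

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream; stand-in for a real AEAD cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        block = b"enc" + nonce + ctr.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def make_tag(key: bytes, account_id: str, nonce: bytes, ct: bytes) -> bytes:
    # The account ID is inside the authenticated input, so it cannot be swapped.
    ident = account_id.encode()
    msg = b"mac" + len(ident).to_bytes(2, "big") + ident + nonce + ct
    return hmac.new(key, msg, hashlib.sha256).digest()

def client_seal(account_id: str, data: bytes) -> dict:
    key, nonce = KEYS[account_id], os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    tag = make_tag(key, account_id, nonce, ct)
    return {"id": account_id, "nonce": nonce, "ct": ct, "tag": tag}

def server_naive(msg: dict) -> str:
    """Weak: files the blob under whatever ID arrived, with no binding check."""
    return msg["id"]

def server_open(msg: dict):
    """Hardened: check the tag under the claimed account's key, then decrypt."""
    key = KEYS.get(msg["id"])
    if key is None:
        return None
    expected = make_tag(key, msg["id"], msg["nonce"], msg["ct"])
    if not hmac.compare_digest(msg["tag"], expected):
        return None
    ks = keystream(key, msg["nonce"], len(msg["ct"]))
    return bytes(a ^ b for a, b in zip(msg["ct"], ks))

def swap_id(captured: dict, new_id: str) -> dict:
    """Step 3 of the scenario: same intercepted fields, different account ID."""
    return {**captured, "id": new_id}
```

If the sender also recomputes the tag with their own account key, the tag check passes but decryption under that key yields only garbage, because the payload was encrypted under the original account's key.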