Re: Avoiding data theft
- From: "Pablo Cibraro" <pcibraro@xxxxxxxxxxx>
- Date: Fri, 7 Jul 2006 10:44:08 -0400
Hi,
I recommend you take a look at this guide,
http://msdn.microsoft.com/library/en-us/dnpag2/html/WSSP.asp .
It is a web services security guide published by the Microsoft Patterns &
Practices team,
and it is a really good starting point to learn more about web services
security (in addition, it contains many WSE samples).
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
<egyptegypt@xxxxxxxxx> wrote in message
news:1152215321.764850.321090@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm pretty new to web security so I'm hoping someone can clarify
something for me.
Basically, I'm wondering how to avoid the following scenario:
1. Windows application calls web service with user-specific data and a
unique ID identifying the user's account on the server.
2. Malicious user eavesdrops on that call and copies the user-specific
data.
3. Malicious user replaces the user's ID with his own unique ID and
sends that along with the intercepted user data and has thereby stolen
the user's info.
I've fully encrypted all data being passed back and forth using WSE and
I'm sure this is accounted for somehow, I'd just like to understand
how. Is this where the certificate comes into play?
Thanks in advance.