Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / February 2006

Tip: Looking for answers? Try searching our database.

Does it make any sense to apply WSE 3.0 (Security) on top of SSL?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
John - 13 Feb 2006 17:44 GMT
I am working on a project, the SSL is a requirement, so given the SSL
is the mandate, does it make any sense to apply any WSE 3.0 (Security)
on top of SSL?
Thanks in advance.
John
Reply to this Message
Josh Twist - 14 Feb 2006 08:05 GMT
Possibly. SSL is transport level security, it basically ensures that
nobody can listen in to a conversation between you and someone else.

You could however use WSE 3.0 to ensure that you only have
conversations with people who provide you with a name and password...
and more.

Depends what you need to do.

Josh
http://www.thejoyofcode.com/
Reply to this Message
Josh Twist - 14 Feb 2006 21:19 GMT
Did that help John?

Josh
Reply to this Message
John - 15 Feb 2006 02:02 GMT
Thanks. When you say
"WSE 3.0 to ensure that you only have conversations with people who
provide you with a name and password... "

I thought you could do the same thing in SSL with Basic Authentication.
What I am trying to find out is given SSL is very secure, I already
using SSL and the only thing I am concerted about is security and do
not care about other fancy stuff. Does it justify the cost (both the
development & performance on top of SSL) to use WSE 3.0?
Thanks again for your help
John

> Did that help John?
>
> Josh
Reply to this Message
Josh Twist - 15 Feb 2006 08:07 GMT
Good point, you could do it that way too.

If your combination of SSL and Basic Authentication meet all your
requirements (conversations can't be listened too and users must
authenticate) then I'd probably say WSE isn't going to add anything to
this scenario.

As you're obviously aware, It does provide alternatives to how you're
doing what you're doing but I can't think of any killer advantages as
SSL and Basic Auth are also public HTTP standards.

Good Luck!

Josh
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.