About that task
灰灰狼 · 2010-08-25 · via 博客园 - 灰灰狼

I think F designed the solution before deeply researching WCF, especially the security aspect.

In the earliest WI, there is a solution to simulate the ASP.NET session. There is no transfer security solution.

The 2010-08-11 email contains a BL (business logic) analysis and an encryption sample. The BL analysis is very useful; it's great. The encryption sample can ensure transfer security, but it has some defects.

1. Secure communication has two aspects (or demands). The first is privacy during transfer, which means encrypting the data: even if a hacker monitors the transferred data, he cannot understand the information. The second is anti-deny (non-repudiation), which means preventing the data from being tampered with and preventing the sender from claiming he did not send it.

2. The coupling between security code and BL code should be kept as low as possible, and when the system, framework or infrastructure provides a security function or interface, we should use it rather than implement it ourselves. WCF provides security functions and extension interfaces: we don't need to write even one line of code to encrypt data, only edit the configuration file, and the WCF framework will do it. This way, we only need to focus on the BL.

So the better solution is:

1. The encryption sample uses the AES algorithm, which is included in the WCF framework; we can edit the configuration file to use it instead of writing code.

2. Secure communication also demands a digital signature for anti-deny, so a certificate is required. WCF supports this mode as well, with no code required.

In fact, certificate-based WCF uses the PKI processing procedure. If you want to know more, I can explain in more detail.
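The configuration-only approach described above, as an added example that is not part of the original post: a service-side WCF configuration that turns on certificate-based message security with an AES-256 algorithm suite. The service name, contract name and certificate subject are hypothetical placeholders.

```xml
<!-- Added example: service-side WCF configuration. Service, contract and
     certificate names are hypothetical placeholders. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="CertMessageSecurity">
          <!-- Message security: WCF encrypts and signs each SOAP message
               itself; the BL code contains no crypto calls. -->
          <security mode="Message">
            <!-- Clients authenticate with an X.509 certificate.
                 Basic256Sha256 selects AES-256 encryption and
                 SHA-256 based signatures. -->
            <message clientCredentialType="Certificate"
                     algorithmSuite="Basic256Sha256" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CertServiceBehavior">
          <serviceCredentials>
            <!-- The service's own certificate, looked up in the machine store. -->
            <serviceCertificate findValue="example-service"
                                x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine"
                                storeName="My" />
            <clientCertificate>
              <!-- Accept only client certificates that chain to a trusted
                   root and have not been revoked. -->
              <authentication certificateValidationMode="ChainTrust"
                              revocationMode="Online" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="Example.OrderService"
               behaviorConfiguration="CertServiceBehavior">
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="CertMessageSecurity"
                  contract="Example.IOrderService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```

With message security enabled, WCF's default protection level for contract operations is `EncryptAndSign`, so both demands from the list above (privacy and a signature) are covered by this configuration alone.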