惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
Security Latest
Security Latest
Simon Willison's Weblog
Simon Willison's Weblog
O
OpenAI News
GbyAI
GbyAI
L
LINUX DO - 最新话题
A
Arctic Wolf
T
Tor Project blog
G
GRAHAM CLULEY
I
InfoQ
博客园_首页
IT之家
IT之家
The Register - Security
The Register - Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
The GitHub Blog
The GitHub Blog
Blog — PlanetScale
Blog — PlanetScale
N
Netflix TechBlog - Medium
K
Kaspersky official blog
博客园 - 三生石上(FineUI控件)
S
SegmentFault 最新的问题
U
Unit 42
PCI Perspectives
PCI Perspectives
量子位
P
Palo Alto Networks Blog
S
Securelist
T
Troy Hunt's Blog
博客园 - 【当耐特】
Recorded Future
Recorded Future
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
Security Affairs
Engineering at Meta
Engineering at Meta
T
The Blog of Author Tim Ferriss
博客园 - 聂微东
罗磊的独立博客
N
News and Events Feed by Topic
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
NISL@THU
NISL@THU
C
Cisco Blogs
T
Threatpost
有赞技术团队
有赞技术团队
Forbes - Security
Forbes - Security
Hugging Face - Blog
Hugging Face - Blog
Last Week in AI
Last Week in AI
T
The Exploit Database - CXSecurity.com
Cloudbric
Cloudbric
Cyberwarzone
Cyberwarzone
Google DeepMind News
Google DeepMind News
C
Cyber Attacks, Cyber Crime and Cyber Security

博客园 - 灰灰狼

架构与设计概要 IoC概要 需求分析概要 接上文,支持并发数量的完美版本 消息队列并发处理基类-简化版 2013年5.28~7.27 Microsoft FTE 微软面试总结 String Format for DateTime 多语言建议 multi-language 问题观 New life I would like about wcf 基于证书的WCF安全开发详解 asp.net缓存(20100804完善版) - 灰灰狼 - 博客园 呼唤程序员精神——关于我今天发起的讨论的总结 asp.net mvc下实现窗口不关闭,就让Session不过期 正确的产品开发策略
About that task
灰灰狼 · 2010-08-25 · via 博客园 - 灰灰狼

I think F designed the solution before deeply researching WCF, especially security aspect.

The most early WI, there is a solution to simulate asp.net session. There’s no transfer secure solution.

In 2010-08-11 email, there are BL(business logic) analysis and a encryption sample. The BL is very useful, it’s great. The encryption sample can ensure transfer security, but has some defect.

1, one secure communication contains 2 aspect(or demands), 1 is  privacy when transfer, means to encrypt data. After encrypted, a hacker monitored the data transferred, but he can’t understand the information. 2 is anti-deny, means to prevent the data be interpolated or the sender say he didn’t send.

2, the degree of coupling between security codes and BL codes should be reduced as low as possible, and when the system or framework or infrastructure provides the security function or interface, we should use it, not we implement it ourselves. WCF provide security function & extension interface, we don’t need write even one line codes to encrypt data, but edit the configuration file, then the WCF framework will do it. In this way, we only need to focus on the BL.

So the better solution is:

1.       The encryption sample use AES algorithm, it’s contained in WCF framework, we can edit configuration file to use it, not write codes.

2.       The secure communication also demands digital signature to anti-deny, so the certificate is required. WCF can also support this kind of mode, no codes required.

In fact, (WCF based on certificate) use PKI processing procedure, If you want to know more, I can explain more detail.