• About that task


    I think F designed the solution before deeply researching WCF, especially security aspect.

     

    The most early WI, there is a solution to simulate asp.net session. There’s no transfer secure solution.

    In 2010-08-11 email, there are BL(business logic) analysis and a encryption sample. The BL is very useful, it’s great. The encryption sample can ensure transfer security, but has some defect.

     

    1, one secure communication contains 2 aspect(or demands), 1 is  privacy when transfer, means to encrypt data. After encrypted, a hacker monitored the data transferred, but he can’t understand the information. 2 is anti-deny, means to prevent the data be interpolated or the sender say he didn’t send.

     

    2, the degree of coupling between security codes and BL codes should be reduced as low as possible, and when the system or framework or infrastructure provides the security function or interface, we should use it, not we implement it ourselves. WCF provide security function & extension interface, we don’t need write even one line codes to encrypt data, but edit the configuration file, then the WCF framework will do it. In this way, we only need to focus on the BL.

     

    So the better solution is:

    1.       The encryption sample use AES algorithm, it’s contained in WCF framework, we can edit configuration file to use it, not write codes.

    2.       The secure communication also demands digital signature to anti-deny, so the certificate is required. WCF can also support this kind of mode, no codes required.

     

    In fact, (WCF based on certificate) use PKI processing procedure, If you want to know more, I can explain more detail.

  • 相关阅读:
    堆排序(改进的简单选择排序)
    希尔排序(改进的直接插入排序)
    直接插入排序
    简单选择排序
    冒泡排序&排序算法简介
    处理器的体系结构
    虚拟存储器
    Python函数
    在主项目中添加子项目
    聚合分组查询
  • 原文地址:https://www.cnblogs.com/bighuiwolf/p/1808121.html
Copyright © 2020-2023  润新知