RE: [Rainbowportal-devel] Future stuff
From: John C. <JC...@ad...> - 2004-09-20 14:50:38
I’ve done some work with Web Services and WSE 2.0. This handles all the encryption and much, much more. No SSL required. A little more work to implement but MS makes it pretty easy. I would suggest going this route. WinForms is the way to go for admin, much more robust. I’m happy to help out with this if needed.

_____

From: rai...@li... [mailto:rai...@li...] On Behalf Of Christoph Schramm
Sent: Monday, September 20, 2004 10:46 AM
To: rai...@li...
Subject: RE: [Rainbowportal-devel] Future stuff

Correct me but that would require an SSL certificate which costs at least 100€

_____

From: rai...@li... [mailto:rai...@li...] On Behalf Of Plowman, Mark
Sent: Montag, 20. September 2004 16:40
To: 'rai...@li...'
Subject: RE: [Rainbowportal-devel] Future stuff

Securing web-services without SSL against someone with a packet sniffer is not possible (someone correct me here?) as all information is sent in clear text.

Using SSL, one of the most efficient methods is to have a login function protected by SSL which then provides a session id that is valid for 30 minutes.

Every admin function call made passes this session id rather than the admin login credentials and authentication is made against the session id.

This means that admin functions can run outside of SSL which will make them faster (SSL has a fairly high overhead) and if a packet sniffer gets hold of a valid session id, it will only be valid for 30 minutes.

If the session id has expired, the WinForm can be prompted to login interactively again in a way that is transparent to the user...
I hope I'm wrong here, but I haven't yet found a way of securing web-services without using SSL at some point.

Cheers,
Mark

> -----Original Message-----
> From: manu [mailto:ma...@du...]
> Sent: 20 September 2004 15:20
> To: rai...@li...
> Subject: RE: [Rainbowportal-devel] Future stuff
>
> I think a win form or remote management interface will run on top of web services.
> So the question is: how much effort is needed to expose admin modules as webservices and how can we secure it without any special install on server (like SSL server side)?
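
The session-id scheme from Mark's message above (SSL-protected login, a session id valid for 30 minutes, re-login on expiry), as an added example that is not part of the original thread or of Rainbow's code. The class names, the sample credentials and the injectable clock are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 30 * 60  # seconds: the 30-minute validity from the thread

class SessionExpired(Exception):
    """Session id is unknown or past its lifetime."""

class AdminService:
    """Server side: SSL-protected login issues an id, admin calls check it."""
    def __init__(self, users, clock=time.monotonic):
        self._users = users    # constructed sample; real code stores hashes
        self._sessions = {}    # session id -> (user, expiry time)
        self._clock = clock

    def login(self, user, password):
        stored = self._users.get(user)
        if stored is None or not secrets.compare_digest(
                stored.encode(), password.encode()):
            raise PermissionError("bad credentials")
        sid = secrets.token_urlsafe(32)  # unguessable random id
        self._sessions[sid] = (user, self._clock() + SESSION_TTL)
        return sid

    def admin_call(self, sid, action):
        # A sniffed id passes this check too, but only until it expires.
        user, expires = self._sessions.get(sid, (None, 0.0))
        if user is None or self._clock() >= expires:
            self._sessions.pop(sid, None)
            raise SessionExpired()
        return f"{action} done for {user}"

class AdminClient:
    """Client side (the WinForm's role): logs in again on expiry."""
    def __init__(self, service, user, password):
        self._service, self._user, self._password = service, user, password
        self._sid = None
        self.logins = 0        # counts logins, to show re-login happening

    def call(self, action):
        for _ in range(2):     # at most one retry after a fresh login
            if self._sid is None:
                self._sid = self._service.login(self._user, self._password)
                self.logins += 1
            try:
                return self._service.admin_call(self._sid, action)
            except SessionExpired:
                self._sid = None
        raise SessionExpired()
```

Passing a fake clock to `AdminService` lets the 30-minute boundary be exercised without waiting.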