Microsoft® .NET Distributed Applications: Integrating XML Web Services and .NET Remoting
by Matthew MacDonald
Encryption
So far, we’ve discussed only one aspect of security: authenticating users and authorizing tasks. Authentication is the heart of security design, but it’s not the only consideration. With a network sniffer, a malicious user could extract ticket GUIDs, usernames, and passwords as they flow between client and server, not to mention sensitive data such as credit card information. If you use integrated Windows authentication, malicious users won’t be able to retrieve passwords and account information, but they will still have easy access to any other sensitive data transmitted between the client and the server-side object. In fact, if you’re using the SOAP format, this information is sent in clear-text messages.
The only way to protect communication ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access