SSL Myth Busting: One-way certificate authentication of a SOA web service is secure because it uses HTTPS.

by VPNHaus | 10/04/2011 | SSL

y lies in its use of descriptor-based definitions of application transactions that can be articulated directly from a business process into a service description with associated attributes in the description correlating to the procedures of the business process and sub-process threads.

Because SOA uses web-based technology, it is convenient to use SSL as the mechanism to secure user sessions. SSL can tunnel any application-level protocol that would otherwise run directly on top of TCP in the communications protocol stack. The most common use today is to secure HTTP communication via HTTPS, in which case the user's browser is not authenticated; only the server side is authenticated by SSL. This is known as one-way SSL authentication. Sounds safe? Think again.

Man-in-the-Middle (MITM) attacks have been successful against this authentication scheme for at least 10 years.

Myth busted.
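Whether a deployment is one-way or two-way is visible in the endpoint configuration. The following is an added example, not code from the original post: it uses Python's standard `ssl` module to report which side of a handshake is actually authenticated, and the function names are illustrative. It goes slightly beyond the text by also covering the "client certificate optional" server mode, which still accepts unauthenticated clients.

```python
import ssl


def authenticated_parties(server_ctx, client_ctx):
    """Return the set of endpoints a handshake between these contexts authenticates."""
    parties = set()
    # The server is authenticated only if the client validates the
    # certificate chain AND checks that it matches the requested hostname.
    if client_ctx.verify_mode == ssl.CERT_REQUIRED and client_ctx.check_hostname:
        parties.add("server")
    # The client is authenticated only if the server *requires* a certificate.
    # CERT_OPTIONAL requests one but lets certificate-less clients connect.
    if server_ctx.verify_mode == ssl.CERT_REQUIRED:
        parties.add("client")
    return parties


def classify(server_ctx, client_ctx):
    """Name the authentication scheme for a server/client context pair."""
    parties = authenticated_parties(server_ctx, client_ctx)
    if parties == {"server", "client"}:
        return "mutual"
    if parties == {"server"}:
        return "one-way"
    if parties == {"client"}:
        return "client-only"
    return "unauthenticated"


def make_server(verify_mode=ssl.CERT_NONE):
    """Server-side context; the default (CERT_NONE) is ordinary HTTPS."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = verify_mode
    # A deployed mutual-auth server would also call load_cert_chain() and
    # load_verify_locations() with the CA that issues client certificates.
    return ctx


def make_client(verify=True):
    """Client-side context; verify=False models a client that skips checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies by default
    if not verify:
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for mode in (ssl.CERT_NONE, ssl.CERT_OPTIONAL, ssl.CERT_REQUIRED):
        print(mode.name, "->", classify(make_server(mode), make_client()))
```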
