SSL Myth Busting: One-way certificate authentication of a SOA web service is secure because it uses HTTPS.

von VPNHaus | 04.10.2011 |SSL

y lies in its use of descriptor-based definitions of application transactions that can be articulated directly from a business process into a service description with associated attributes in the description correlating to the procedures of the business process and sub-process threads.

Because SOA uses web-based technology, it is convenient to use SSL as the mechanism to secure user sessions. SSL can be used to tunnel any application-level protocol, which would be otherwise run on top of TCP in the communications protocol stack. The most common use nowadays is to secure the HTTP communication vis-à-vis HTTPS, in which case the user’s browser is not authenticated -- only the server side is authenticated by SSL. This is known as one-way SSL authentication. Sounds safe? Think again.

Man-in-the-Middle  (MITM) attacks have been successful against this authentication scheme for at least 10 years.

Myth debusted.

Diese Webseite verwendet Cookies

Wir verwenden Cookies, um Inhalte zu personalisieren und die Zugriffe auf unsere Website zu analysieren. Weitere Informationen finden Sie in unserer Datenschutzerklärung.