RE: Web Service Security
From: [MSFT] (lukezhan_at_online.microsoft.com)
Date: 02/10/04
- Next message: Olav Tollefsen: "Re: Role based access to photos (jpeg files)?"
- Previous message: SPAMFILTER: "Re: Forms-based authentication expires before timeout"
- In reply to: IntraRELY: "Web Service Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Feb 2004 08:51:06 GMT
Hi Steve,
Thank you for using the community. From the description and the code, I
found you have consider a lot for the security. The security of .NET Web
serivce rely on IIS, for example, windows authentication, SSL and IP
restrict. We can assume IIS is safe enough to a web serivce. I saw you have
a method print_authenticate in the web service, and it will valid the the
user from database. If it is a SQL server, you may consider following ways
for security:
1. Set the Seb serivce running under special account and only this account
has permisison to build a connection to the database.
2. Use IPSec to provide secure communication between the web server and
database server.
3. Add a firewall between web server and database server.
Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
- Next message: Olav Tollefsen: "Re: Role based access to photos (jpeg files)?"
- Previous message: SPAMFILTER: "Re: Forms-based authentication expires before timeout"
- In reply to: IntraRELY: "Web Service Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
