Re: if I encrypt key data why do I want or need SSL?
- From: "Andy" <ajj3085@xxxxxxxxxxxx>
- Date: 28 Mar 2006 11:23:40 -0800
It sounds like it would still be possible for an attacker to put junk
data into your system. Take your encrypted value, and replace it with
another encrypted value. SSL would prevent this kind of tampering,
since the whole message is signed, not just individual fields.
Leaving port 1433 open to the internet has caused problems in the past;
perhaps you heard of the slammer worm?
Even with a strongly named assembly you are still open to some kinds of
attacks.
Finally you may need to communicate data with a web service at some
point, and I doubt you'd want to provide your key to the 3rd party.
.
- Follow-Ups:
- Re: if I encrypt key data why do I want or need SSL?
- From: Rob R. Ainscough
- Re: if I encrypt key data why do I want or need SSL?
- References:
- if I encrypt key data why do I want or need SSL?
- From: Rob R. Ainscough
- if I encrypt key data why do I want or need SSL?
- Prev by Date: if I encrypt key data why do I want or need SSL?
- Next by Date: Re: Alternative to APTCA AllowPartiallyTrustedCallersAttribute?
- Previous by thread: if I encrypt key data why do I want or need SSL?
- Next by thread: Re: if I encrypt key data why do I want or need SSL?
- Index(es):
