If I have an application that I send out to users, and the application
interacts with the database (behind the scenes, no direct sql creation by the
users)....do webservices make the app more secure? I always thought of
webservices as just a good way to allow users to have an API for them to
interact with the database, but are webservices useful if the user never
really knows that they are there? 6 1628
"Craig" <Cr***@discussi ons.microsoft.c omwrote in message
news:47******** *************** ***********@mic rosoft.com...
If I have an application that I send out to users, and the application
interacts with the database (behind the scenes, no direct sql creation by
the
users)....do webservices make the app more secure? I always thought of
webservices as just a good way to allow users to have an API for them to
interact with the database, but are webservices useful if the user never
really knows that they are there?
Web Services are a secure method of passing data between tier(s) in N-Tier
architect. http://msdn2.microsoft.com/en-us/library/ms978384.aspx
From a Windows desktop application using Web services, the more you can
reduce the foot print of the installed application on the workstation that's
using Web services, the more secure said application will be overall.
"Mr. Arnold" <MR. Ar****@Arnold.c omwrote in message
news:8C******** *************** ***********@mic rosoft.com...
>
"Craig" <Cr***@discussi ons.microsoft.c omwrote in message
news:47******** *************** ***********@mic rosoft.com...
>If I have an application that I send out to users, and the application interacts with the database (behind the scenes, no direct sql creation by the users)....do webservices make the app more secure? I always thought of webservices as just a good way to allow users to have an API for them to interact with the database, but are webservices useful if the user never really knows that they are there?
Web Services are a secure method of passing data between tier(s) in N-Tier
architect.
http://msdn2.microsoft.com/en-us/library/ms978384.aspx
From a Windows desktop application using Web services, the more you can
reduce the foot print of the installed application on the workstation
that's using Web services, the more secure said application will be
overall.
I'm afraid that I don't follow your argument. Are you suggesting that,
instead of using, for instance, TCP/IP to send queries from the desktop
application to the database server, you would instead use SOAP over TCP/IP
to first send requests to a web service which would then send the queries to
the database? This will not necessarily be more secure, and could be less
secure depending on how it's implemented.
--
John Saunders [MVP]
"John Saunders [MVP]" <john.saunder s at trizetto.comwro te in message
news:ea******** ******@TK2MSFTN GP03.phx.gbl...
"Mr. Arnold" <MR. Ar****@Arnold.c omwrote in message
news:8C******** *************** ***********@mic rosoft.com...
>> "Craig" <Cr***@discussi ons.microsoft.c omwrote in message news:47******* *************** ************@mi crosoft.com...
>>If I have an application that I send out to users, and the application interacts with the database (behind the scenes, no direct sql creation by the users)....d o webservices make the app more secure? I always thought of webservices as just a good way to allow users to have an API for them to interact with the database, but are webservices useful if the user never really knows that they are there?
Web Services are a secure method of passing data between tier(s) in N-Tier architect.
http://msdn2.microsoft.com/en-us/library/ms978384.aspx
From a Windows desktop application using Web services, the more you can reduce the foot print of the installed application on the workstation that's using Web services, the more secure said application will be overall.
I'm afraid that I don't follow your argument. Are you suggesting that,
instead of using, for instance, TCP/IP to send queries from the desktop
application to the database server, you would instead use SOAP over TCP/IP
to first send requests to a web service which would then send the queries
to the database? This will not necessarily be more secure, and could be
less secure depending on how it's implemented.
I think the less code you have on the client machine, the less the foot
print of said application will be, reducing the attack vector.
From an Internet standpoint, a solution that's coming over the Internet on
HTTP port 80, using a Web service and using encrypted SOAP may be a better
solution than to open up a port on a firewall exposing the port for database
access on a database server using TCP.
The database server when a Web service is accessing it is already behind
the firewall and the database server is not exposed to the Internet.
The only other way I would allow database access for a application over the
Internet would be to use an application server, using .NET Remoting.
The application on the application server would be sending and receiving
data to the client, with the application on the application sever accessing
the database on the database server behind the firewall .
A chosen TCP port would selected for client/server application
communications, using Binary over TCP, encrypted.
If it's an Intranet solution, then may be it's a different approach.
..
"Mr. Arnold" <MR. Ar****@Arnold.c omwrote in message
news:1E******** *************** ***********@mic rosoft.com...
>
"John Saunders [MVP]" <john.saunder s at trizetto.comwro te in message
news:ea******** ******@TK2MSFTN GP03.phx.gbl...
>"Mr. Arnold" <MR. Ar****@Arnold.c omwrote in message news:8C******* *************** ************@mi crosoft.com...
>>> "Craig" <Cr***@discussi ons.microsoft.c omwrote in message news:47****** *************** *************@m icrosoft.com... If I have an application that I send out to users, and the application interacts with the database (behind the scenes, no direct sql creation by the users).... do webservices make the app more secure? I always thought of webservice s as just a good way to allow users to have an API for them to interact with the database, but are webservices useful if the user never really knows that they are there?
Web Services are a secure method of passing data between tier(s) in N-Tier architect.
http://msdn2.microsoft.com/en-us/library/ms978384.aspx
From a Windows desktop application using Web services, the more you can reduce the foot print of the installed application on the workstation that's using Web services, the more secure said application will be overall.
I'm afraid that I don't follow your argument. Are you suggesting that, instead of using, for instance, TCP/IP to send queries from the desktop application to the database server, you would instead use SOAP over TCP/IP to first send requests to a web service which would then send the queries to the database? This will not necessarily be more secure, and could be less secure depending on how it's implemented.
I think the less code you have on the client machine, the less the foot
print of said application will be, reducing the attack vector.
All else being equal, that might be the case, but one would need to define
"footprint" and then enumerate the attack vectors and then see which, if any
of them, matter in the particular situation. In any case, I don't think it's
clear enough to make a blanket statement.
....
If it's an Intranet solution, then may be it's a different approach.
As the OP didn't state whether this was an Internet or Intranet application,
nor whether he sends it to internal or external users, I made the assumption
that this was an Intranet application. That may just be my age talking. ;-)
--
John Saunders [MVP]
Hi Guys,
As far as I know, .NET remoting is more secure than web services althought
you can do a lot to enhance security on the web services like using a secure
port or even a different port and other features that may be implemented.
However, my decision whether to use or not use web services really depends on
the enviroment I am developing in. If it is heteregons and data is going to
pass firewalls, I would definitly use Web Services....Els e I would use .NET
remoting if the whole enviroment is built on .NET.
In the end, Web Services and .NET Remoting are as secure as you can make
them....However , Web Services are better for Reuse than .NET Remoting as well
as more easy to implement....
So go ahead...Use Web Services and change the default port, make internal
directories on your IIS, change defaults, etc...
"John Saunders [MVP]" wrote:
"Mr. Arnold" <MR. Ar****@Arnold.c omwrote in message
news:1E******** *************** ***********@mic rosoft.com...
"John Saunders [MVP]" <john.saunder s at trizetto.comwro te in message
news:ea******** ******@TK2MSFTN GP03.phx.gbl...
"Mr. Arnold" <MR. Ar****@Arnold.c omwrote in message
news:8C******** *************** ***********@mic rosoft.com...
"Craig" <Cr***@discussi ons.microsoft.c omwrote in message news:47******* *************** ************@mi crosoft.com... If I have an application that I send out to users, and the application interacts with the database (behind the scenes, no direct sql creation by the users)....d o webservices make the app more secure? I always thought of webservices as just a good way to allow users to have an API for them to interact with the database, but are webservices useful if the user never really knows that they are there?
Web Services are a secure method of passing data between tier(s) in N-Tier architect.
http://msdn2.microsoft.com/en-us/library/ms978384.aspx
From a Windows desktop application using Web services, the more you can reduce the foot print of the installed application on the workstation that's using Web services, the more secure said application will be overall.
I'm afraid that I don't follow your argument. Are you suggesting that,
instead of using, for instance, TCP/IP to send queries from the desktop
application to the database server, you would instead use SOAP over
TCP/IP to first send requests to a web service which would then send the
queries to the database? This will not necessarily be more secure, and
could be less secure depending on how it's implemented.
I think the less code you have on the client machine, the less the foot
print of said application will be, reducing the attack vector.
All else being equal, that might be the case, but one would need to define
"footprint" and then enumerate the attack vectors and then see which, if any
of them, matter in the particular situation. In any case, I don't think it's
clear enough to make a blanket statement.
....
If it's an Intranet solution, then may be it's a different approach.
As the OP didn't state whether this was an Internet or Intranet application,
nor whether he sends it to internal or external users, I made the assumption
that this was an Intranet application. That may just be my age talking. ;-)
--
John Saunders [MVP]
"naraby" <na****@discuss ions.microsoft. comwrote in message
news:53******** *************** ***********@mic rosoft.com...
Hi Guys,
As far as I know, .NET remoting is more secure than web services althought
you can do a lot to enhance security on the web services like using a
secure
port or even a different port and other features that may be implemented.
However, my decision whether to use or not use web services really depends
on
the enviroment I am developing in. If it is heteregons and data is going
to
pass firewalls, I would definitly use Web Services....Els e I would use
.NET
remoting if the whole enviroment is built on .NET.
In the end, Web Services and .NET Remoting are as secure as you can make
them....However , Web Services are better for Reuse than .NET Remoting as
well
as more easy to implement....
So go ahead...Use Web Services and change the default port, make internal
directories on your IIS, change defaults, etc...
You do know that you can use Binary over HTTP and Web services together with
the Web Server acting as an application gateway for ASP.NET or a Windows
Desktop solution. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Seth |
last post by:
I have noticed that the id of my session object changes
when I switch from a non-secure to a secure connection.
What I'm trying to do:
I have a cookie that is built on the non-secure side of
things. What I need to do is to switch to a secure
connection and then later on while still in that secure
connection delete the cookie that was...
|
by: Tom |
last post by:
Hi,
I am currently on a project where one site needs to send the user
credentials to another site, through web services.
Scenario:
* "User 1" will authenticate to "Site A" using NTLM ("Site A" provides
front-end presentation of data)
* "Site A" will request confidential information about "User 1" to "Site B"
|
by: androoo |
last post by:
Hi all
I have read both scott mitchells (4 guys) articles on why he doesnt
like to use datasets from webservices and I have some questions if
anyone has some experience in this.
How secure is my app if i pass a dataset from a webservice to my
application ?
What is the future for webservices and passing back data in .net2? Ive
|
by: Colin Graham |
last post by:
My skills are in VB. Net/SQL Server and i have touched on PDA
development mainly as a tester. i am aware of using webservices for
functionality.
I have been given a task to develop a solution which enables users of
handheld devices to go out to various sites and record information and
send the information back to a head office from site for...
|
by: news.microsoft.com |
last post by:
I have been looking around at the documentation and have come across a lot
about how to create webservices and consume them.
I have a fairly large 3 tier application with a ton of classes in c# that
are currently being used by the website. Is there a quick/ rad tool that can
take a c# class and generate a webservice proxy/asmx file? Any...
| |
by: Peter Norregaard |
last post by:
Our customers have different names SLA’s / Service Level Agreements but use
the same webservice. How do I handle that some users can be allowed to wait
when the load is high while others can’t? One possible scenario could be to
redirect VIPs to a more powerful webfarm than the one the common user uses.
But is it a good solution and, in...
|
by: Komandur Kannan |
last post by:
We have a smart device application running on handhelds(Symbol MC9000G). The
backend is Oracle and a middle tier web services development done in Vb.net.
We use pessimistic Locking due to specific business needs
When such a lock is made for a transaction (this code is in the web service)
and the handhelds are terminated abnormally (cold...
|
by: UJ |
last post by:
I've got a network engineer who is absolutely anal about network security.
He is questioning how secure web services are and I can't answer him with
definitive answers. Do web services run over port 80? How about port 443?
Are they secure? He's also paranoid about loginning in - is there a primer
somewhere where I can look at how to make my...
|
by: ChrisM |
last post by:
Hi,
I have written a stand alone WinForms application with an MS Access back-end
for the (small)company I work for. They are now talking about moving a part
of their operations into a second site 50 miles away from the main one.
The second site will simply be a stores. They will need some software in
order to do a few things here, but...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |