WS-安全和运输安全
我无法理解以下内容:WS-Security 和 https 是作为替代方案提供的。
https(如上所述)的问题在于客户端和服务器之间存在中介,即代理。
然后我们可以围绕并保证点对点安全性,例如在代理和服务器之间,但不是端到端。
所以我们可以有:
客户端<--(安全)-->代理人 <--(安全)-->服务器
但这不等于
Client <--(secure)--> Server
那么为什么不能保证端到端呢?有人可以举一个具体的例子吗?
另外,如果在我的网络中没有任何代理,这是否意味着 https 可以?
反之亦然,如果我有代理,我必须使用 WS-Security 来代替吗?
谢谢
I can not understand the following: WS-Security and https are presented as alternatives.
The problem though with https (as described) is when there intermediaries i.e. proxies are between client and server.
Then we can work arround and guarrantee point-to-point security e.g. between proxy and server but not end to end.
So we can have:
Client <--(secure)--> Proxy
<--(secure)-->Server
But this is not equal to
Client <--(secure)--> Server
So why is not the end-to-end guaranteed? Could someone please give a specific example?
Also if in my network I do not have any proxies does this mean that https is ok?
And vice versa if I have proxies I MUST use WS-Security instead?
Thank you
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你的理解并不完全正确。使用 HTTPS,您的客户端和服务器之间的通信是安全的。代理不知道有关通信的任何信息,除了一件事 - 您正在通信的主机。这是通过使用 HTTPS 代理(HTTP Connect 命令,有关详细信息,请参阅 RFC 2616)来实现的。所以HTTPS是没有问题的(不知道你在哪里找到了相反的情况)。
Your understanding is not exactly correct. With HTTPS your communication is secure between client and server. Proxy doesn't know anything about the communication except one thing - the host you are communicating to. This is achieved by using HTTPS proxy (HTTP Connect command, see RFC 2616 for details). So there's no problem with HTTPS (I don't know where you've found the opposite).