Mastering Web Services Security p3

và giá cả trong lĩnh vực thương mại điện tử, sử dụng getProducts và getPrice. Khách hàng sau đó đặt một đơn đặt hàng cho các sản phẩm vào tài khoản của mình, mà yêu cầu ePortal từ , sử dụng placeOrder. Đôi khi sau đó khách hàng giải quyết các đơn đặt hàng với số thẻ tín dụng, yêu cầu ePortal từ bằng cách gọi settleOrder. | 68 Chapter 3 We have set up this example with Microsoft technology exclusively. Using technology from any one vendor is always the easiest because vendors want to ensure that the solutions they provide are self-contained. However a single-technology solution is not acceptable for many Web Services deployments. In fact one of the main advantages of Web Services is their ability to support cross-vendor applications such as .NET systems connecting to J2EE environments. Users of Web Services want to connect applications across enterprise lines of business or across enterprise boundaries. If the security technologies used by Web Services clients and servers are required to be identical this limitation eliminates one of the primary advantages of Web Services. Much of this book discusses how to apply Web Services security when Web Services clients and servers use different and potentially incompatible security technologies. We discuss techniques to support secure interoperability in Chapter 10 Interoperability of Web Services Security Technologies. Our example relies heavily on IIS security mechanisms both to authenticate users and protect traffic. Web servers from all vendors and from Microsoft in particular have come under heavy attack as sources of vulnerability. We see a constant stream of Web server patches to address new vulnerabilities which continue to be discovered at an alarming rate. This is not a surprise considering the extensive and complex features offered by Web Services products there are plenty of ways to inadvertently create security holes in any complex software. Because a primary purpose of Web Services is to enable flexible remote procedure call RPC access to applications the stakes for Web server vulnerabilities become much higher. A weakness that is exploited in the Web server could expose your entire corporate network. If IIS security were compromised in this sample system eBusiness applications would be wide open and attackers could potentially .

Không thể tạo bản xem trước, hãy bấm tải xuống
TÀI LIỆU MỚI ĐĂNG
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.