I've got a WSA on a server, and multiple clients that call it, and the whole system is under the customer's control.
The system uses a username/password style "in the clear" (i.e. plaintext), and now that it's working I would like to secure the connection from prying / snooping eyes.
What would be the appropriate mechanism to accomplish this goal?
What Mike said.... also enable SSL connections for the appservers
See these two KB entries for a start:
What are the maintenance implications of using SSL certs?
Has anyone done SSH tunneling and could relate that experience?
Brian - I agree - though I'm wondering what I should be looking at then? If I was working on an application with various roles and things like that, then yes - bolt-on-after-the-fact would be a disaster. In this case the basic structure is a single server hosting a WSA with various clients polling it over the internet on a periodic basis. The customer controls both ends of the WSA call, so I'm thinking as long as I secure the end-points and the pipe in a manner similar to how SSL, SCP or SFTP works, I'll be good.
Maintenance of the certs would depend on how often (if ever) you would want to change the certificates. It should be something you would do every year at the most, probably once every few years.
Security on the app side would depend on how easy it would be for one customer to change part of the request mechanism to access other customers' data, and on whether you have sensitive data stored in a database.
Without knowing more about the app it would be hard to say. Assuming there is a database involved... transparent data encryption, tight database user control and dbauthkey branded code and database would be a good start.
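Following up on the certificate-maintenance question above, here is an added example (not code from anyone in this thread) that takes the peer certificate a TLS client has already verified and reports how long until it must be rotated. The host name, CA name and dates in the sample dict are constructed; the live helper assumes the WSA endpoint speaks HTTPS on the given port.

```python
import socket
import ssl
import time

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert()
# returns for a verified server certificate (hypothetical names and dates).
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "wsa.example.test"),),),
    "issuer": ((("commonName", "Example Internal CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "wsa.example.test"),),
}


def days_until_expiry(peer_cert, now_ts=None):
    """Days left before notAfter; negative once the certificate has lapsed."""
    if now_ts is None:
        now_ts = time.time()
    not_after = ssl.cert_time_to_seconds(peer_cert["notAfter"])  # UTC epoch seconds
    return (not_after - now_ts) / 86400.0


def rotation_status(peer_cert, now_ts=None, warn_days=30):
    """Classify a certificate for a rotation checklist: ok / renew-soon / expired."""
    days = days_until_expiry(peer_cert, now_ts)
    if days < 0:
        return "expired"
    if days < warn_days:
        return "renew-soon"
    return "ok"


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Connect with full verification (CA chain and host name) and return the
    peer certificate dict. Raises ssl.SSLError if the server cert does not verify,
    so credentials are never sent over an unverified pipe."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Constructed clock: 15 Dec 2024 00:00 UTC, 17 days before the sample expires.
    print(rotation_status(SAMPLE_PEER_CERT, now_ts=1734220800))  # renew-soon
```

Run `rotation_status(fetch_peer_cert("your-wsa-host"))` from a scheduled job to get the yearly renewal onto a calendar before the clients start failing.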