My goal is to launch an installation with admin credentials(user with install rights), In order to do this I need to pass these user credentials from a webservice. So the question is What is the most secure way I could pass this data. Keeping in mind the user of the end client is not logged in as an administrator but I would assume has access to the data during transport(ie I cannot count on channel security alone.)
我的目标是使用管理员凭据(具有安装权限的用户)启动安装。为此,我需要从Web服务传递这些用户凭据。所以问题是我能传递这些数据最安全的方式是什么。请记住,最终客户端的用户不是以管理员身份登录的,但我认为在传输过程中可以访问数据(即我不能单独依靠通道安全性。)
Myclient code would be a vb or C# application talking to an asp.net webservice.
Myclient代码将是一个与asp.net webservice交谈的vb或C#应用程序。
2 个解决方案
#1
1
Encryption will protect admin credentials during transport from WebService to application memory, as pointed by gedevan.
如gedevan所指出的,加密将在从WebService到应用程序内存的传输过程中保护管理员凭据。
Do you mean you also want to protect them from the user who launches application? Keep in mind, he is an owner of your process, so with the right tooling and a lot of determination he should be able to extract credentials from process memory.
您是否也想要保护他们免受启动应用程序的用户的侵害?请记住,他是您的流程的所有者,因此使用正确的工具和很多决心,他应该能够从流程内存中提取凭据。
#2
0
Using encryption of message body (WS-Encryption) in pair with HTTPS is a quite secured in most cases.
在大多数情况下,使用与HTTPS配对的消息体(WS-Encryption)加密是非常安全的。
#1
1
Encryption will protect admin credentials during transport from WebService to application memory, as pointed by gedevan.
如gedevan所指出的,加密将在从WebService到应用程序内存的传输过程中保护管理员凭据。
Do you mean you also want to protect them from the user who launches application? Keep in mind, he is an owner of your process, so with the right tooling and a lot of determination he should be able to extract credentials from process memory.
您是否也想要保护他们免受启动应用程序的用户的侵害?请记住,他是您的流程的所有者,因此使用正确的工具和很多决心,他应该能够从流程内存中提取凭据。
#2
0
Using encryption of message body (WS-Encryption) in pair with HTTPS is a quite secured in most cases.
在大多数情况下,使用与HTTPS配对的消息体(WS-Encryption)加密是非常安全的。