Transport-level vs message-level security

Question

I\'m reading a book on WCF and author debates about pros of using message-level security over using transport-level security. Anyways, I can\'t find any logic in author\'s a

Answer 1

I think I see what he's getting at. Say like this:

Web client ---> Presentation web server ---> web service call to database

In this case you're depending on the middle server encrypting the data again before it gets to the database. If the message was encrypted instead, only the back end would know how to read it, so the middle doesn't matter.