问题
I can not understand the following: WS-Security and https are presented as alternatives.
The problem though with https (as described) is when there intermediaries i.e. proxies are between client and server.
Then we can work arround and guarrantee point-to-point security e.g. between proxy and server but not end to end.
So we can have:
Client <--(secure)--> Proxy <--(secure)-->Server
But this is not equal to
Client <--(secure)--> Server
So why is not the end-to-end guaranteed? Could someone please give a specific example?
Also if in my network I do not have any proxies does this mean that https is ok?
And vice versa if I have proxies I MUST use WS-Security instead?
Thank you
回答1:
Your understanding is not exactly correct. With HTTPS your communication is secure between client and server. Proxy doesn't know anything about the communication except one thing - the host you are communicating to. This is achieved by using HTTPS proxy (HTTP Connect command, see RFC 2616 for details). So there's no problem with HTTPS (I don't know where you've found the opposite).
来源:https://stackoverflow.com/questions/4586641/ws-security-and-transport-security