Home > Security, Technology > Why SSL is not the right option for web service security?

Why SSL is not the right option for web service security?


Security to web services is always not pretty straight forward…

This post primarily discusses the reasons why SSL (Secure Socket Layer) is not a best fit for ensuring web service security. SSL stands for Secure Socket Layer popularly works on Transport layer as HTTPS.

  • Web services need end-to-end security, where as SSL provides point-to-point security. While passing through SSL the message has to pass through multiple intermediaries that might not have enough security protection policies enforced! These intermediaries might pose a threat in compromising the integrity, confidentiality of the message
  • SSL doesn’t support non-repudiation. For definition of non-repudiation you may browse through on the net
  • SSL provides security only over the transport layer but not at the message level
  • If you want to encrypt Credit card information or sign a particular portion of the SOAP message then SSL is not the right option

I’ll try to bring in more information on security stuff in coming posts…

Till then have a great day and HAPPY NEW YEAR! 😀

 

Advertisements
Categories: Security, Technology
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: