If you are interested, you can discuss the security of WebService data interaction. The following code can be used for any hosted applications in the Dotnet environment, there are two instances in the actual application. Here, there is a URL: http://www.tttsss.com/webservice/THRDataService.asmx hanging on the Internet, interested can look at the Soap information. Of course, there is no way to look at the encryption and decryption process in it! Otherwise, I have no face, right!
What I wrote in the previous two years is now sorted out! In the past, the company needed to do WebService and encrypted the SoapHeader of WebService, So we wrote this stuff! Key management is required to use this class! Data Encryption is often required to ensure data security. However, one of the disadvantages of encryption is that it affects the running efficiency of the program, at that time, my idea was to only encrypt the user's login information (username and password! Data is transmitted in plain text. If user information verification fails, no data is transmitted.
In actual network communication, the key-secret method is not impeccable. If a hacker can capture the Information encrypted with the key, the user will verify the information and then make a simulated request, send a request to the server that provides WebService, or you can obtain the request data! So I used the IP address or domain name binding method again! After all, WebService is not directly provided to end users! Therefore, even if the attackers attempt to obtain the services provided by WebService in illegal ways, they will pay more for them!
Another security suggestion is to regularly change the key. In this example, we use symmetric encryption, which is consistent with the key of the encryption party and the decryption party! Regular key replacement can improve security!
For better methods or suggestions, please leave a message to discuss them! Improve together!
The Code is as follows:
Using System;
Using System. Security. Cryptography;
Using System. Text;
Using System. IO;
Namespace SEDO
{
/// <Summary>
/// Summary of SEDO.
/// SEDO implements a component that encapsulates four symmetric encryption methods (Des, Rc2, Rijndael, and TripleDes ).
///
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
