Last post Jun 27, 2014 03:43 PM by AidyF
Jun 27, 2014 09:31 AM|jjmonty|LINK
I found this slidedeck comparing WCF and Web API:
On a chart comparing security support, a disctinction is made between "HTTP Services" and "HTTPS / SSL".
Can someone explain the difference in the context of security?
Jun 27, 2014 10:00 AM|AidyF|LINK
HTTP services are services you call over html which is all in plain text on the wire. Calling a service over HTTPS means it uses SSL to encrypt the data on the wire so it is no longer plain text.
Jun 27, 2014 10:33 AM|jjmonty|LINK
I think you are describing the difference between HTTP / HTTPS /SSL.
If you look at Slide 37 of the deck I cite, the author makes a distinction between:
1) HTTP Services
2) HTTPS / SSL
Clearly the two are seperate in the author's mind.
I am trying to clarify the difference between those two seperate forms of security, not the difference between HTTP and HTTPS.
Jun 27, 2014 03:43 PM|AidyF|LINK
1 ) No in-built security at the transport layer
2) The transport layer is encrypted
That's about it. HTTPS doesn't have anything to do with authorisation, it merely ensures the data is encrypted on the wire. If you want security in terms of access control\authorisation then you still need to implement that using standard means regardless
of if you use http or https.