Hi, is there a way for someone to sneak in to see the data if my service is over http and the caller in my case is hosted on http (i.e. the service is on a secure SSL host while the caller is on simple http)? Is that call secure or not?

+1  A: 

Basic HTTP without any encryption or other means of obfuscating your content is just plain text going over the wire. Anyone with a bit of knowledge can trap that connection and just read everything that goes on.

I don't quite understand what you mean by the server is on secure host but the client is not? Either the conversation between those two is secured by SSL / HTTPS (but then BOTH ends need to participate), or not. If not - it's just clear text on the wire.

Marc

marc_s
Only one end, i.e. the WCF service, is on https, but the client is on http.
Usman Masood
That doesn't work - either both ends of the conversation speak HTTPS - then the traffic is encrypted - otherwise, having the capability of HTTPS on the server is NOT being used - the traffic is cleartext.
marc_s
+1  A: 
  1. Yes, if someone is able to sneak into your transmissions, they can work out if the messages are encrypted or not.

  2. When you connect to a server marked with server-side SSL (server marked with https), it sends a copy of its cert to the client (e.g. your browser), which verifies if it's a genuine cert. This only confirms that the server is really what it says it is and not someone else masquerading.

This does not guarantee that no one can intercept your message. They can intercept but won't be able to decrypt.

Sesh
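
What both answers describe, shown as WCF client configuration: the call is encrypted only when the client's endpoint address is `https://` and its binding uses transport security. This is an added example, not part of the original thread; `basicHttpBinding` is assumed because the thread does not name a binding, and the binding names, `service.example.com`, `OrderService.svc` and `IOrderService` are placeholders.

```xml
<!-- Added example: client-side app.config / web.config fragment.
     Binding names, address and contract are placeholders (assumptions). -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Weak: no transport security. Used with an http:// address,
           every request and response crosses the wire as clear text. -->
      <binding name="plainHttp">
        <security mode="None" />
      </binding>

      <!-- Corrected: Transport mode runs the channel over SSL/TLS.
           The server presents its certificate and the client validates it
           before any message is sent. -->
      <binding name="overTls">
        <security mode="Transport">
          <!-- No client certificate or credentials at transport level;
               the server is still authenticated by its certificate. -->
          <transport clientCredentialType="None" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <client>
    <!-- The address scheme must match the binding: https with Transport. -->
    <endpoint name="OrderServiceEndpoint"
              address="https://service.example.com/OrderService.svc"
              binding="basicHttpBinding"
              bindingConfiguration="overTls"
              contract="IOrderService" />
  </client>
</system.serviceModel>
```

With `mode="Transport"`, WCF refuses to open a channel to an `http://` address, so a mistyped endpoint fails at startup instead of silently falling back to clear text.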