Usually during my sessions, I use the phrase -""East or West XML is the Best""
Recently XML has become ubiquitous technology in the computing industry. Similarly what ever the application you build; one key feature always you need to consider is what else - SECURITY.
Now if we combine these both and ask me, how to secure my XML elements there come - XML Encryption and XML Signature. One quick question always people ask me which one to go - SSL / XML Encryption? I always suggest them to use XML Encryption. Why?
There are two main reasons for it.
1. You can encrypt a portion of sensitive XML element. Say for example, if you want to encrypt only the Credit Card details in a XML structure and leave the other details.
2. You can use the XML Encryption to encrypt data that is either transmitted directly to an application or accessed by many applications via stored media such as database record. On the other hand, SSL / other protocols encrypt the entire connection as a whole.
I don't want to reinvent the wheel of how to encrypt / use signature – Check here - The .NET Framework provides several classes that allow you to encrypt and decrypt XML data, and create and verify XML digital signatures.
No comments:
Post a Comment