Hi all,
I want to create a Service Broker application between two different instances.
Can I achieve dialog security and transport security without using a certificate?
For example, we can achieve transport security using Windows authentication (both instances are in the same domain).
So how do I achieve dialog security without using certificates?
If anybody has a link, please provide it.
Thanks a lot!
|||No, the only option for dialog security is to use certificates.
One option is to rely entirely on transport security. Even if at the dialog level messages are not secured (signed and encrypted), the transport level will secure all the traffic (will encrypt everything).
|||Hi,
Thanks a lot for your reply!
But one thing I want to know is how to rely on transport security,
because previously I configured the master database for transport security and the initiator and target databases for dialog security, both using certificates.
Now, how do I achieve transport security as a whole? Is it necessary to create a route and a remote service binding?
How do I achieve all this?
I am very new to Service Broker, so please help me with a little more detail.
|||Dialog security allows services to authenticate each other and provides end-to-end (service to service) security for SSB messages. If security is desired, it is always recommended, and is required if the path between services is not entirely controlled (there are multiple hops that forward messages and some fall outside your administrative control). Dialog security encrypts only the message payload (whatever is passed in to the SEND verb) and does not encrypt the routing information (from service/to service) in order for intermediate forwarders to be able to forward the messages. The closest analogy to dialog security is S-MIME, the protocol to secure mail messages.
Transport security is basically encryption of the traffic between two servers (SSL). It will encrypt every single byte of traffic between the servers involved. Enabling transport security is orthogonal (unrelated) to dialog security.
If you consider just two SQL Server instances and two services exchanging messages, the dialog security and transport security seem to overlap quite a bit. The differentiation becomes clear if you add a third SQL Server instance that acts as a forwarder between the previous two.
In your scenario if you want to rely entirely on transport security and not use dialog security you should make sure your application issues the BEGIN DIALOG verbs with the ENCRYPTION = OFF clause and there is no REMOTE SERVICE BINDING deployed. The target service must grant SEND to [public] in order to accept unsecured messages.
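
Added example, not part of the original thread: a T-SQL sketch of the transport-only setup described in the reply above (Windows-authenticated, encrypted endpoints; routes but no remote service binding; SEND granted to [public] on the target; ENCRYPTION = OFF on the dialog). All endpoint, service, contract, message type, host and account names and the port are placeholders, and the services, queues, contract and message type are assumed to exist already.

```sql
-- On BOTH instances, in master: endpoint with Windows authentication and
-- mandatory transport encryption (no certificate involved).
USE master;
CREATE ENDPOINT BrokerEndpoint                      -- placeholder name
    STATE = STARTED
    AS TCP (LISTENER_PORT = 4022)                   -- placeholder port
    FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS,
                        ENCRYPTION = REQUIRED ALGORITHM AES);
-- Let the peer instance's service account connect (placeholder account).
CREATE LOGIN [EXAMPLEDOM\PeerSqlSvc] FROM WINDOWS;
GRANT CONNECT ON ENDPOINT::BrokerEndpoint TO [EXAMPLEDOM\PeerSqlSvc];
GO
-- Confirm what the endpoint will negotiate.
SELECT name, connection_auth_desc, encryption_algorithm_desc
FROM sys.service_broker_endpoints;
GO

-- INITIATOR database: route to the target; no remote service binding.
CREATE ROUTE RouteToTarget
    WITH SERVICE_NAME = N'//example/TargetService',
         ADDRESS = N'TCP://target-host.example.com:4022';
GO
-- Should return no row for the target service when relying on transport only.
SELECT name, remote_service_name FROM sys.remote_service_bindings;
GO

-- TARGET database: route back, and accept unsecured dialogs.
CREATE ROUTE RouteToInitiator
    WITH SERVICE_NAME = N'//example/InitiatorService',
         ADDRESS = N'TCP://initiator-host.example.com:4022';
GRANT SEND ON SERVICE::[//example/TargetService] TO [public];
GO

-- INITIATOR database: open the dialog without dialog security.
DECLARE @h UNIQUEIDENTIFIER;
BEGIN DIALOG CONVERSATION @h
    FROM SERVICE [//example/InitiatorService]
    TO SERVICE N'//example/TargetService'
    ON CONTRACT [//example/Contract]
    WITH ENCRYPTION = OFF;
SEND ON CONVERSATION @h
    MESSAGE TYPE [//example/Request] (N'<ping/>');
GO
```

Because SEND is granted to [public] here, the GRANT CONNECT list on the endpoint is the only control over which instances can deliver messages to the target service.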