Webservices + SSL = Good or Bad?

Wednesday, July 30, 2003

Right now, I have all my web services under one project, secured behind SSL. I have not decided if I want to move the to a better location, like http://webservices.interscapeusa.com, or something like that. Basically to move them out of the SSL security. Now, I'd like some opinions in terms of the effect... is the latency of SSL combined with the serialization of data into XML substantial? Is it worth it to have your data stream encrypted, or would it be better to use WSE to make sure the data is encrypted and not the whole stream? Is there something I'm not considering here? Please leave me comments, thoughts, and suggestions. Thanks.

5 Comments

We use Web Services combined with SSL for SourceGear Vault, our version control system. I routinely use this setup from home over a 256K connection which is only quasi-reliable. We have another employee who uses Vault over a plain old 56k modem. In both cases the performance is quite adequate for our application. YMMV.

Eric Sink - Thursday, July 31, 2003 12:05:00 AM

Don't use WSE if you need to be cross platform (at least not yet). Stick with SSL for a while.

Jesse Ezell - Thursday, July 31, 2003 1:22:00 AM

Thanks for the feedback guys.

Robert McLaws - Thursday, July 31, 2003 2:32:00 PM

We too use SSL. However, to relieve the web servers in our farm from having to do the SSL processing, which has lead to scalability problems, we offload SSL to a pair of embedded SSL accelerators.

Kris Williams - Friday, August 1, 2003 11:57:00 PM

It depends on application requirements, if its

a B2Bi implementation, just SSL cannot help u

with Non-repudiation prespective.Else SSL is fine.

Vijay P - Tuesday, June 15, 2004 1:50:00 PM

Comments have been disabled for this content.