Whatever authentication method you have used to secure your GIS services, it will eventually achieve the one thing it is intended to, authentication. However, after authentication, the transmission of packets between client and server is all done in naked plain text. If you used tokens, someone can intercept and start working on breaking your token into its main components: the username and the password. If it is a long-lived token, chances are that it might be broken. Another eavesdropper might not even need to break the token; he/she will simply listen to the transmission, borrow the token, and re-use it in a reply attack. The same applies on the Web tier security, which is why securing the very channel on which the whole thing is staged is essential to protect all communication, and this is done using the HTTPS protocol.
Administering ArcGIS for Server
By :
Administering ArcGIS for Server
By:
Overview of this book
Table of Contents (18 chapters)
Administering ArcGIS for Server
Credits
Foreword
About the Author
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Best Practices for Installing ArcGIS for Server
Authoring Web Services
Consuming GIS Services
Planning and Designing GIS Services
Optimizing GIS Services
Clustering and Load Balancing
Securing ArcGIS for Server
Server Logs
Selecting the Right Hardware
Server Architecture
Index
Customer Reviews