1
我裏面MyDataService.svc.cs下面的代碼(這是從DevExpress的一個例子):WCF服務EntitySetRights.AllRead安全嗎?
namespace MyDataService {
[System.ServiceModel.ServiceBehavior(IncludeExceptionDetailInFaults = true)]
[JSONPSupportBehavior]
public class DataService : DataService<TestDataEntities>, IServiceProvider {
public static void InitializeService(DataServiceConfiguration config) {
config.SetEntitySetAccessRule("*", EntitySetRights.AllRead);
config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;
}
public object GetService(Type serviceType) {
if (serviceType == typeof(IDataServiceStreamProvider)) {
return new ImageStreamProvider();
}
return null;
}
protected override void OnStartProcessingRequest(ProcessRequestArgs args) {
CustomBasicAuth.Authenticate(HttpContext.Current);
if (HttpContext.Current.User == null)
throw new DataServiceException(401, "Invalid login or password");
base.OnStartProcessingRequest(args);
}
}
}
因此,儘管這是將檢查實體用戶名和密碼,如何安全是它那config.SetEntitySetAccessRule是設置爲AllRead。是否有人能夠在諸如www.website.com/MyDataService.svc/Customer(其中Customer是表格)的url上看到這些信息。如果不是這樣,那麼請填寫我面臨的概念差距。謝謝!