Bl8ckr0uter wrote: » Do any of you work with Windows Communication Foundation? Do you feel that it is a worthwhile framework and that it helps increase the security of your web apps?
RobertKaucher wrote: » I build WCF services to work with our LOB apps so that we can surface a frontend in Silverlight on the SharePoint site. I don't know that *it* increases security by itself so much as the tools I can use to develop the services like LINQ and Entity Framework. At the very least I can rule out any chance of SQL injection. Even if I were not working in Silverlight I would probably still be working with WCF as opposed to ADO.NET to get my data. But I am a n00b with WCF still.
Bl8ckr0uter wrote: » In a hypothetical situation, you would still need (at least) 3 boxes: Web Server >> WCF Application Server* >> Database Server. *I like to call this box "Web service(s)". Depending on what you are serving up of course. Basically what I want to know is if you can (some way) get rid of the WCF Application Server and still use WCF. The developers, other admin and I are having some trouble figuring this out. I am thinking we still need the middle box (but I don't want it as it is another single point of failure) but I am not 100% sure. Why are you able to get rid of SQL injection attacks**? **I still need to look at that video you posted on my Facebook page **
RobertKaucher wrote: » I do not use Entity SQL: "Preventing SQL Injection with the Entity Framework and Data Services" (Public Sector Developer Weblog, MSDN Blogs); "LINQ to Entities, Entity SQL, Parameterized Store Queries and SQL Injection" (Don't Be Iffy). You still have to be careful - but as you are not passing raw SQL queries to the DB there is no chance of an injection. Most of our stuff works on 2 servers. I have the front end and the DB/WCF servers. We are pretty small, so we don't have to worry much about the topology.
RobertKaucher wrote: » WCF really rocks. In a large environment with serious SLAs I would be concerned about condensing the WCF and SQL Server boxes. We have a 24 hr SLA on all our stuff, so it's not a big deal for us. But if you have a smaller window I'd try not to host them on the same server as it just complicates the restore process. You can redirect a WCF service to a mirror or spare DB as quickly as it takes to restore the db. But if your web services and DB are all on the same box it really complicates things...
RobertKaucher wrote: » I think this graphic from the article says it all: http://1.bp.blogspot.com/_T-syN1Neuz8/S87TBcf3I_I/AAAAAAAAAFw/XNIKQo36GQA/s1600/wcf.jpg
Bl8ckr0uter wrote: » This is some complicated $h1T.
RobertKaucher wrote: » And that's why I feel like an idiot most of the time...
RobertKaucher wrote: » You make it sound so dirty... Gotta' know your ABCs.