Woo hoo.
So we have done our 'encrypting data at rest' bit of work.
And now we are being told to 'encrypt data in transit'.
Unsurprisingly I am getting a lot of different answer non of which make sense.
So lest assume we want to encrypt a web service - so it needs to be sent as an https message rather than http - I am being told we need to encrypt that somewhere in the application.
However my understand was that it is just a mode of transport for the message - so i could send the same message via either http or https but the one which goes via https is 'more secure' and 'more difficult for someone to intercept and read' than the one going via http.
Appreciate this is a large topic but can anyone shed any light on this?
So we have done our 'encrypting data at rest' bit of work.
And now we are being told to 'encrypt data in transit'.
Unsurprisingly I am getting a lot of different answer non of which make sense.
So lest assume we want to encrypt a web service - so it needs to be sent as an https message rather than http - I am being told we need to encrypt that somewhere in the application.
However my understand was that it is just a mode of transport for the message - so i could send the same message via either http or https but the one which goes via https is 'more secure' and 'more difficult for someone to intercept and read' than the one going via http.
Appreciate this is a large topic but can anyone shed any light on this?
Comment