Question
I'm working on a server which eventually supposed to send data to some clients (also self implemented). The data must be secured. One option is to implement a regular HTTP protocol and forcing the clients/server to use a VPN connection. Another option (might reduce costs) is to encrypt my data (just encrypt the payload or use HTTPS).
I read lot's of stuff, but I still not sure I understand the differences in:
Thanks
Solution
Typically VPNs use SSL between the client and the LAN, anyway. The main difference from a security standpoint is that the VPN approach would leave the communications in the clear once it got to your LAN, while the HTTPS approach would encrypt it all the way to your server. That would only make a difference if there were an eavesdropper on your LAN, between your firewall and your server.
The biggest difference is that HTTPS would probably be considerably more convenient for your clients.
OTHER TIPS
VPN is a better option because it puts the responsibility of security at the OS level. Using SSL, your security is as good as your implementation. Also, in the future, when you want to start using sockets or other layers, you can't.
https://stackoverflow.com/questions/22755649
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian