alpha

360

  • Home

  • Documentation

    • GitHub
    • Offline
  • Order

    • Online Orders
    • Price List
    • Compare
  • Downloads

  • Blog

  • Forums

  • Contact

  • More

    Use tab to navigate through the menu items.
    0
    To see this working, head to your live site.
    • Categories
    • All Posts
    • My Posts
    Steven Sitas
    Mar 01, 2018

    Encryption in WEB Services

    in alpha360 Magazine

    A lot of developers, emailed me about the "technique" we use to encrypt the access to WEB Services, in the Connection Manager.

    Developers seemed to like the "dual" approach, but be carefull, there are a lot of "holes" here ...

    The most important one is that one of the keys MUST be embedded in both the Connection Manager and our applications - so the apps may be a target of "reverse engineering" or an "angry" employee.


    Also, if you check the code, you will see that we have NO encryption, when sending back the connection info array to applications.

    We did this to "encourage" developers to think of their own "encryption code" and of course add it also to the info sent back.


    The most important question we where asked, was: should we talk about the encryption code in the forums?

    The quick answer is YES - there is NO other way to find the "holes" in your implementation.


    Of course, the best option would be to use RSA or Elliptic Curves ...

    0 comments
    0
    Comments
    0 comments

    computerplus

    Leoforos Dodonis 43,  45221

    IOANNINA - GREECE

    Registered VAT ID: EL084190121

    alpha360(at)computerplus(dot)gr

    Forums

    Videos

    Documentation for v1 Releases

    WX Links

    Terms of Use

    Subscribe to the newsletter

    ​

    © 2017-22 by computerplus