Steven Sitas
Mar 1, 2018

Encryption in WEB Services

0 comments

A lot of developers, emailed me about the "technique" we use to encrypt the access to WEB Services, in the Connection Manager.

Developers seemed to like the "dual" approach, but be carefull, there are a lot of "holes" here ...

The most important one is that one of the keys MUST be embedded in both the Connection Manager and our applications - so the apps may be a target of "reverse engineering" or an "angry" employee.

 

Also, if you check the code, you will see that we have NO encryption, when sending back the connection info array to applications.

We did this to "encourage" developers to think of their own "encryption code" and of course add it also to the info sent back.

 

The most important question we where asked, was: should we talk about the encryption code in the forums?

The quick answer is YES - there is NO other way to find the "holes" in your implementation.

 

Of course, the best option would be to use RSA or Elliptic Curves ...

New Posts
  • Steven Sitas
    Mar 8, 2018

    You can download a copy of libmysql.dll, from Downloads->alpha360 Magazine Issue 1.
  • Steven Sitas
    Mar 8, 2018

    If you don' have WEBDEV, follow the steps to install the 10 user connection server. 1. Search for a directory named "WINDEV 21 - Setup" on your development machine. This is NOT your WINDEV 21 directory - notice the Setup in the name of the directory. 2. Inside this directory is a subdirectory named: "WebDep - 10 Connections" Run from here the install. If the install doesn't find a WEBServer on your PC it will offer to install IIs or Apache. 3. Don't forget to update the above (from PCSofts site) - if you have an older version on your PC. 4. When installing WEB Services on this WEBDEV application server, treat it as a NORMAL application server (with an address of local or 127.0.0.1) AND NOT as one that belongs to a WEBDEV installation ..
  • Steven Sitas
    Mar 5, 2018

    There is a "small" bug/typo in the MiniAppv1 project, that MAY not allow the app to find the WEB Services. Search for this code, when calling the WEB Services: p_sWSAddress is string = EDT_WS_Address // CManager..Address=p_sWSAddress and uncomment the 2nd line. Thanks to Marien van Vliet for reporting it.

computerplus

Leoforos Dodonis 43,  45221

IOANNINA - GREECE

Registered VAT ID: EL084190121

sales@computerplus.gr