Real Software Forums

The forum for Real Studio and other Real Software products.
[ REAL Software Website | Board Index ]
It is currently Mon Dec 11, 2017 1:55 pm
xojo

All times are UTC - 5 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: Software design, interact withg the web
PostPosted: Tue Jan 15, 2013 2:30 am 
Offline

Joined: Sat May 19, 2007 6:01 am
Posts: 300
How do you do when you have software to interact, or save data, on the web?

index.asp?ID=123&age=23&firstname=Bernie

What about security!?

Depending on what kind of data it is, security may be important.


Top
 Profile  
Reply with quote  
 Post subject: Re: Software design, interact withg the web
PostPosted: Wed Jan 16, 2013 6:09 am 
Offline

Joined: Sat May 19, 2007 6:01 am
Posts: 300
So... No reply from the crowd! I answer myself. In the shower and while shaving good ideas comes as a flash from the clear blue sky! :)

I think it can be possible to do with sessions.

For example, when opening the software a connection to the remote server can be initialized and the session ID from the web server is sent to the client. Then, when editing data, the session ID is included in the string.

index.asp?sessionID=123&firstname=Adam&lastname=Maniac&userID=23

You will just need to "hide" the session ID little in the code... Maybe write it as serialKeyNr, for example. But that's just a designers hidden secret.

It will still be possible to "break" or to fake the software, but it will need some serious thinking and is not done so easily.
It's not super perfect, but at least, it's way better than nothing!!

After all, this software is not super secret and in the interest of the nation...!!


Top
 Profile  
Reply with quote  
 Post subject: Re: Software design, interact withg the web
PostPosted: Fri Jan 25, 2013 6:02 am 
Offline

Joined: Wed Sep 17, 2008 2:45 pm
Posts: 220
Why would your second version be more secure than your first?
Your 'designer secret' could be discovered within minutes with a decent packet sniffer. You shouldn't send 'private' data this way. If it's private, you need some sort of authentication, nothing else.

_________________
My native language is not English.


Top
 Profile  
Reply with quote  
 Post subject: Re: Software design, interact withg the web
PostPosted: Fri Jan 25, 2013 7:02 am 
Offline
User avatar

Joined: Tue Jan 04, 2011 3:02 am
Posts: 1236
Location: Jönköping, Sweden
I'd say you should encrypt the data with AES-256 or similar a decryption key that only the receiver knows.
DON'T send the key to the receiver, it has to be there from the beginning otherwise it too can be snatched and used for decryption by a filthy hacker ;)

_________________
Image http://www.linkedin.com/in/albinkiland
Dev. iMac 27" + 2x22" LG (2.8GHz Intel Core i7, 12GB RAM, 120GB SSD) OS X 10.8
Xojo Pro 2013r1


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 5 hours


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group