Real Software Forums
http://forums.realsoftware.com/

Stand Alone and Secure Information
http://forums.realsoftware.com/viewtopic.php?f=23&t=47820
Page 1 of 1

Author:  neonash7777 [ Wed May 08, 2013 11:19 am ]
Post subject:  Stand Alone and Secure Information

I prefer using the stand alone deployment but it will still be quite a while before HTTPS support is in stand alone.

I need the user to enter confidential information, but I do not want that information sent insecurely back to the app.
1) How is this information currently being sent? Plaintext? Is it obfuscated in any way?

2) I don't actually need this information sent back to the web-server, in fact it is better if it doesn't get it. Is there anything I can do so that I can use the Web Controls and styling but essentially stop the "text change" events from being sent to the web-server?

Essentially I am doing an HTTPS Post command where I send secure information to an API. This means I never need (nor want) the actual values of the text inside the web Controls, and the only time they need to be accessed is on the client end with the POST command. I want to use Web Controls however so that I can maintain the layout, look, and feel of the web-app and so I wont have to program any HTML other than the "Post" action on a button.
Is this possible?

Author:  PrietoM [ Tue May 21, 2013 11:21 am ]
Post subject:  Re: Stand Alone and Secure Information

HTTPS provides encryption. This is a brief extract from wikipedia about HTTPS. " HHTPS provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication"

So I am assuming that your communications to the API are secured and encrypted.

In fact, it has nothing to do with WE.

Author:  taylor-design [ Tue May 21, 2013 1:29 pm ]
Post subject:  Re: Stand Alone and Secure Information

neonash7777 wrote:
I prefer using the stand alone deployment but it will still be quite a while before HTTPS support is in stand alone.


I missed your post earlier this month. You can use a tool like nginx to sit in front of WE and provide SSL and load balancing with multiple WE instances.

Quote:
1) How is this information currently being sent? Plaintext? Is it obfuscated in any way?


Other than possibly being compressed, I believe it's sent in the clear.

Quote:
2) I don't actually need this information sent back to the web-server, in fact it is better if it doesn't get it. Is there anything I can do so that I can use the Web Controls and styling but essentially stop the "text change" events from being sent to the web-server?


Someone from Real would have to jump in here, but I don't believe you can be sure that the text will never be sent back.

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/