Hi Bob,

I'm realizing now that your system connects client and server via the internet. Mine connects them via LAN. Big security difference!

In another system I wrote that connects client & server over the internet, the server does this upon receiving a request:

   does a 'wait flag' (temp file) exist for this data source?
       - no:
          - is this an update request?
             - no: select/assemble data & put it
             - yes: set a 'wait flag', do the update, delete the wait flag, put the response
       - yes: put 'busy'  (client tries again in a few ticks, up to x attempts)

In the case of this system, the traffic is low enough so this approach has worked fine for years. In a higher volume system you might want to see if any other CGI transactions are in progress against the requested data source before you start changing data.

That's all I got.
I realize it probably isn't new news.

Phil



On 4/6/20 7:49 AM, Bob Sneidar via use-livecode wrote:
Hi Phil. Thanks for the reply.

I’m curious how this client server method handles multiple simultaneous 
connections? I had the idea of having a listener agent spawn an SQL Agent stack 
the first time a client connected, that would then listen on a random port. The 
listener agent would return the random port to the client which would then in 
the future communicate with the random SQL agent directly. A kind of passive 
connection if you will. I’m not sure all that is necessary though.

I kept waking up all night thinking of ways to implement the encryption so that 
even a person with time to decipher the method would not be able to use it in 
subsequent captures.

Of course, nothing is uncrackable, even Fort Knox, given the time, resources 
and resolve. The trick to encryption is to make the process of foreign 
decryption so tedious and time consuming that it isn’t worth the effort.

And of course the reward for the foreign agent has to be considered when 
determining the level of complexity. There is no hacker in the Ukraine poring 
over the encrypted packets of my SQL transactions to access my data, so I don’t 
think I need go to extreme measures! I simply need to be able to reassure the 
principals of my company that their data is secure in transit.

One more note, to secure passwords that I store in SQL, I encrypt those 
separately with a different key and seed before creating the SQL. That way, 
even if someone got physical access to the database, they couldn’t decipher the 
passwords.

Bob S

On Apr 5, 2020, at 11:25 PM, Phil Davis via use-livecode 
<use-livecode@lists.runrev.com> wrote:

Hi Bob,

I created a client-server business system for a client some years ago. It too uses data 
encryption. What I did on the server side was prep the data for net transfer 
(base64Encode it as the final prep step, I think), then transfer length(data) & CR 
& data.

On the client side, the app reads from the socket for 1 line (which goes into a variable, 
say "X"), then reads from the socket for X bytes. This keeps it simple - no need for 
special terminators etc - and seems to always work.

Phil Davis
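
The length-line-then-body framing described in the message above, as an added example that is not part of the original thread and is written in Python rather than LiveCode. It covers only the framing step (not the encryption) and treats the length line as untrusted input on an internet-facing socket; the names `encode_frame`, `read_frame`, `MAX_BODY` and the 1 MiB cap are assumptions.

```python
import base64
import binascii
import io

MAX_BODY = 1 << 20        # assumed cap on one frame body (1 MiB)
MAX_LEN_DIGITS = 7        # "1048576" has 7 digits

class FrameError(ValueError):
    """The peer sent something that is not a valid frame."""

def encode_frame(payload: bytes) -> bytes:
    # Sender side: length(data) & CR & data. LiveCode's CR constant is
    # the linefeed character (ASCII 10), so the separator here is b"\n".
    body = base64.b64encode(payload)  # assumption: unwrapped base64
    return str(len(body)).encode("ascii") + b"\n" + body

def read_exact(stream, n: int) -> bytes:
    buf = bytearray()
    while len(buf) < n:               # sockets may return short reads
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise FrameError("connection closed mid-frame")
        buf += chunk
    return bytes(buf)

def read_frame(stream) -> bytes:
    header = bytearray()
    while True:                       # bounded read of the length line
        ch = stream.read(1)
        if not ch:
            raise FrameError("connection closed in length line")
        if ch == b"\n":
            break
        header += ch
        if len(header) > MAX_LEN_DIGITS:
            raise FrameError("length line too long")
    if not header.isdigit():          # rejects "", "-5", "1e9", " 12"
        raise FrameError("length is not a plain decimal number")
    length = int(header.decode("ascii"))
    if length > MAX_BODY:
        raise FrameError("declared length exceeds cap")
    body = read_exact(stream, length)
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise FrameError("body is not valid base64") from exc

if __name__ == "__main__":
    wire = io.BytesIO(encode_frame(b"constructed sample record"))
    print(read_frame(wire))
```

`read_frame` accepts any binary file-like object, for example the result of `sock.makefile("rb")`.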

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
