Socket Help
Phil Davis
phil at pdslabs.net
Mon Apr 6 14:50:06 EDT 2020
Hi Bob,

I'm realizing now that your system connects client and server via the
internet. Mine connects them via LAN. Big security difference!

In another system I wrote that connects client & server over the
internet, the server does this upon receiving a request:

does a 'wait flag' (temp file) exist for this data source?
  - no:
    - is this an update request?
      - no: select/assemble data & put it
      - yes: set a 'wait flag', do the update, delete the wait flag, put the response
  - yes: put 'busy' (client tries again in a few ticks, up to x attempts)

In the case of this system, the traffic is low enough so this approach
has worked fine for years. In a higher volume system you might want to
see if any other CGI transactions are in progress against the requested
data source before you start changing data.

That's all I got.
I realize it probably isn't new news.

Phil

On 4/6/20 7:49 AM, Bob Sneidar via use-livecode wrote:
> Hi Phil. Thanks for the reply.
>
> I’m curious how this client server method handles multiple simultaneous connections? I had the idea of having a listener agent spawn an SQL Agent stack the first time a client connected, that would then listen on a random port. The listener agent would return the random port to the client which would then in the future communicate with the random SQL agent directly. A kind of passive connection if you will. I’m not sure all that is necessary though.
>
> I kept waking up all night thinking of ways to implement the encryption so that even a person with time to decipher the method would not be able to use it in subsequent captures.
>
> Of course, nothing is uncrackable, even Fort Knox, given the time, resources and resolve. The trick to encryption is to make the process of foreign decryption so tedious and time consuming that it isn’t worth the effort.
>
> And of course the reward for the foreign agent has to be considered when determining the level of complexity. There is no hacker in the Ukraine poring over the encrypted packets of my SQL transactions to access my data, so I don’t think I need go to extreme measures! I simply need to be able to reassure the principals of my company that their data is secure in transit.
>
> One more note, to secure passwords that I store in SQL, I encrypt those separately with a different key and seed before creating the SQL. That way, even if someone got physical access to the database, they couldn’t decipher the passwords.
>
> Bob S
>
> On Apr 5, 2020, at 11:25 PM, Phil Davis via use-livecode <use-livecode at lists.runrev.com> wrote:
>
> Hi Bob,
>
> I created a client-server business system for a client some years ago. It too uses data encryption. What I did on the server side was prep the data for net transfer (base64Encode it as the final prep step, I think), then transfer length(data) & CR & data.
>
> On the client side, the app reads from the socket for 1 line (which goes into a variable, say "X"), then read from socket for X bytes. This keeps it simple - no need for special terminators etc - and seems to always work.
>
> Phil Davis
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
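
Added example (not part of the original thread and not Phil's code): the wait-flag flow from the message above, sketched in Python, with "does the flag exist?" and "set the flag" folded into one atomic exclusive create so two simultaneous update requests cannot both proceed. The function names, the ".wait" file naming, and the do_select/do_update callbacks are assumptions made for illustration.

```python
import os
import time

def flag_path(flag_dir, source):
    # Assumed naming scheme: one flag file per data source. The name is
    # restricted to alphanumerics so a request cannot point outside flag_dir.
    if not source.isalnum():
        raise ValueError("invalid data source name")
    return os.path.join(flag_dir, source + ".wait")

def handle_request(flag_dir, source, is_update, do_select, do_update):
    """Return the response for one request, or 'busy' while an update runs."""
    path = flag_path(flag_dir, source)
    if not is_update:
        # Reads only look for the flag; they never create it.
        return "busy" if os.path.exists(path) else do_select()
    try:
        # O_CREAT | O_EXCL checks for the flag and creates it in a single
        # atomic step; a second concurrent update fails here instead of
        # passing a separate exists() check at the same moment.
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return "busy"
    try:
        with os.fdopen(fd, "w") as flag:
            flag.write(str(os.getpid()))  # owner pid, useful for diagnosis
        return do_update()
    finally:
        # Delete the flag even if the update raises, so a failed update
        # does not leave the data source reporting 'busy' forever.
        os.remove(path)

def request_with_retry(send, attempts=5, delay=0.05):
    """Client side: try again after a short pause, up to `attempts` times."""
    for _ in range(attempts):
        reply = send()
        if reply != "busy":
            return reply
        time.sleep(delay)
    return "busy"

if __name__ == "__main__":
    import tempfile
    d = tempfile.mkdtemp()  # constructed demo directory
    print(handle_request(d, "orders", True, lambda: "rows", lambda: "updated"))
    print(request_with_retry(
        lambda: handle_request(d, "orders", False, lambda: "rows", None)))
```

A flag left behind by a killed process is not handled here; the pid written into the file is what a cleanup job would inspect.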