Socket Help

[Bob Sneidar]

I was a big believer that SSL was never going to be compromised… until it was. The retooling of industry security standards over the last 6 years or so has taught me the opposite: NEVER rely on out of the box security if you can help it.

Asking a web server to get data and return it introduces a lag time which I am already struggling with. And if I DID use a web server, I would still have to go through extraordinary measures to secure THAT!

By “rolling my own” (I’m not really, I’m using LC’s built in AES encryption with a twist) I am ensuring that even if someone were able to grok my poison pill approach, and then brute force the hash, it would only work for that one instance. THEY STILL would have to brute force any password data in the instance, and they would have to do the same process all over again with the next intercepted next transmission.

Bob S


On Apr 6, 2020, at 9:10 AM, Richard Gaskin via use-livecode <use-livecode at lists.runrev.com<mailto:use-livecode at lists.runrev.com>> wrote:

Two rubrics that have saved me much time, effort, and unrest:

1. Unless you have a specific reason why another protocol is truly
  necessary, use HTTP.

  Tooling, documentation, simplicity, extensibility - it's all there,
  ready to use, right now.


2. Never roll your own security.

  Consider all the hours spent developing, testing, refining,
  reporting, revising, packaging, documenting.  No single human
  will ever replicate even a corner of that in an entire lifetime.
  And there's no need, since most of the best security options are
  Free and open.


--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web