EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Windows Phone Mango SSL sample

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#18142
Posted: 11/10/2011 15:21:57
by Matthijs Hoekstra (Basic support level)
Joined: 11/10/2011
Posts: 7

Hi,

We need to store httponly cookies on the phone. Mango itself doesn't support this so I am looking at your components. I am missing an sample I can use from the phone to create a secure https connection.

Few questions. How do you check if the SSL connection is secure or in other words the SSL Certificate on the server is safe?

We need the default functionality which is available in Mango for the https objects with the addition to save the httponly cookies (which I understand blackbox supports0

Hope you can help me out.
#18143
Posted: 11/10/2011 17:00:16
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Yes, SecureBlackbox does support HttpOnly cookies. Please use TElCookieManager and TElCookie classes to manage [particularly, HttpOnly] cookies.

Quote
How do you check if the SSL connection is secure or in other words the SSL Certificate on the server is safe?

SecureBlackbox does not validate server certificates automatically, as Mango does not provide public access to pre-installed ("trusted") system certificates. Still, you can make SecureBlackbox perform validation for you by supplying it with the certificates you trust (so that SBB had trusted certificates to validate server certificates against).
#18154
Posted: 11/11/2011 08:06:20
by Matthijs Hoekstra (Basic support level)
Joined: 11/10/2011
Posts: 7

Interesting, would you have pointers to some samples I could check out to validate? If we can get this to work we definitely will buy this component for a WP75 banking app.

Would retrieving through the default https object from Mango and comparing the certificates with the blackbox ssl call be a possible workaround? (compare both certificates I from 2 different objects I mean). Mango http requests check the CA hierarchy automatically I believe?

Thanks for the prompt follow up btw, much appreciated.

Reply

Statistics

Topic viewed 1464 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!