EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Securing RemObjects

RemObjects uses several different transports from different vendors. They include WinInet (Windows transport), Indy, DXSock. SecureBlackbox currently supports Indy transport. DXSock support is planned for some later date. WinInet is client-side transport, which has built-in SSL support for HTTP protocol.

There are 4 components in RemObjects that we can link SecureBlackbox to. They are TROIndyHTTPServer/TROIndyHTTPClient and TROIndyTCPServer/TROIndyTCPClient.

TROIndyHTTPServer and TROIndyHTTPClient are server and client of HTTP transport, based on HTTP protocol. TROIndyTCPServer and TROIndyTCPClient are server and client of plain TCP transport.

The components mentioned can be bound to Indy 8 or Indy 9. Evaluation version of RemObjects supports Indy 8 in Delphi 6 evaluation version and Indy 9 in Delphi 7 evaluation version. In registered version of RemObjects you can use whatever version you want.

Instructions for using SecureBlackbox with different Indy bindings are listed below. Before using SecureBlackbox with RemObjects be sure to install Indy support package (sbIndy*.dpk) which is located in <SecureBlackbox>\Classes\Indy folder.

Indy 9

TROIndyHTTPServer and TROIndyTCPServer components have a property named IndyServer. This property is a class that exposes some of Indy HTTP/TCP server. Among other properties, there is a property IOHandler. To add SecureBlackbox to your project that uses TROIndy*Server, you need to put an instance of TElIndySSLServerIOHandler to the form, then set IOHandler property (mentioned above) to the name of TElIndySSLServerIOHandler component.

TROIndyHTTPClient or TROIndyTCPClient components have a property named IndyClient. This property is a class that exposes some of Indy HTTP/TCP client. Among other properties, there is a property IOHandler. To add SecureBlackbox to your project that uses TROIndy*Client, you need to put an instance of TElIndySSLIOHandlerSocket to the form, then set IOHandler property (mentioned above) to the name of TElIndySSLIOHandlerSocket component.

You will find a sample project of using SecureBlackbox with RemObjects in <SecureBlackbox>\Samples\RemObjects\Indy9 folder.

Indy 8

TROIndyHTTPServer and TROIndyTCPServer components have a property named IndyServer. This property is a class that exposes some of Indy HTTP/TCP server. Among other properties, there is a property Intercept. To add SecureBlackbox to your project that uses TROIndy*Server, you need to put an instance of TElIndyServerSSLIntercept to the form, then set IOHandler property (mentioned above) to the name of TElIndyServerSSLIntercept component.

TROIndyHTTPClient or TROIndyTCPClient components have a property named IndyClient. This property is a class that exposes some of Indy HTTP/TCP client. Among other properties, there is a property IOHandler. To add SecureBlackbox to your project that uses TROIndy*Client, you need to put an instance of TElIndyConnectionSSLIntercept to the form, then set IOHandler property (mentioned above) to the name of TElIndyConnectionSSLIntercept component.

You will find a sample project of using SecureBlackbox with RemObjects in <SecureBlackbox>\Samples\RemObjects\Indy8 folder.

Towards maximum security

In fact, after the above steps your connection is encrypted. It is not easy to see the data anymore. However the task is not complete. It is technically possible for some third-party to access the data. How is this done? Third-party establishes itself as a remote part of the communication and receives the information. Imagine you connect to a server and send a request. However the server you connected to is not the one you thought. In fact this is fraud server. Your reuqest can continue some valuable information and it does not matter if you discover the problem – valuable information has been already passed to a criminal.

To prevent this, proper authentication steps must be taken. Both server and client must be properly identified as authorized to access the data. This is done using X.509 certificates. X.509 certificate can identify the side (server or client) in communications and it can also contain supplementary information that, for example, contains description of the scope of actions, which the client is allowed to do.

For information about certificates see Certificate basics article

Download SecureBlackbox now.

Return to the list

|

Back to top