EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSL Transports for NexusDB

NexusDB is a database management system that makes use of a number of transports, including Winsock, COM, and Named Pipe transports.
You can also create your own custom transports. One of the powerful features of NexusDB is chained transports: you can create a transport that performs some transformation of the data and uses another transport to deliver it. This feature is used to provide Blowfish encryption for data.
Now you can also use SSL proxy transports to provide a higher level of security and certificate-based authentication of clients and servers.



The steps to add SecureBlackbox on the client side are:

  1. Check that you have installed the necessary packages as described in the SecureBlackbox ReadMe file. Install the package if necessary;
  2. Put TElClientSSLTransport on the form (let's name it "ClientSSLTransport");
  3. Set the ClientSSLTransport.Transport property to the transport that will do the actual data transfer;
  4. If you don't have an instance of the TnxRemoteServerEngine component on the form, put one there (let's call it "ClientRemoteServerEngine");
  5. Set the ClientRemoteServerEngine.Transport property to ClientSSLTransport;
  6. (optional) Adjust the Versions property of ClientSSLTransport if needed;
  7. (optional) Put a certificate storage component on the form and set the ClientSSLTransport.CertStorage property to that certificate storage.

The steps to add SecureBlackbox on the server side are:

  1. Check that you have installed the necessary packages as described in the SecureBlackbox ReadMe file. Install the package if necessary;
  2. Put TElServerSSLTransport on the form (let's name it "ServerSSLTransport");
  3. If you don't have an instance of TnxServerCommandHandler on the form, put one there (let's call it "ServerCommandHandler");
  4. Set the ServerSSLTransport.CommandHandler property to ServerCommandHandler;
  5. If you don't have an instance of TnxSecuredCommandHandler on the form, put one there (let's call it "ServerSecuredCommandHandler");
  6. Set the ServerSecuredCommandHandler.SecuredTransport property to ServerSSLTransport;
  7. (optional) Adjust the Versions property of ServerSSLTransport if needed;
  8. (optional) Put a certificate storage component on the form and set the ServerSSLTransport.CertStorage property to that certificate storage. This storage contains the server certificates;
  9. (optional) Put a certificate storage component on the form and set the ServerSSLTransport.ClientCertStorage property to that certificate storage. This storage contains the certificates of the clients, used if certificates are requested from clients when connecting.

You will find a sample project that uses SecureBlackbox with NexusDB in the <SecureBlackbox>\Samples\NexusDB folder.

Towards maximum security

After the above steps your connection is encrypted, and it is no longer easy to see the data. However, the task is not complete: it is still technically possible for a third party to access the data. How is this done? The third party establishes itself as the remote side of the communication and receives the information. Imagine you connect to a server and send a request, but the server you connected to is not the one you thought it was; it is a fraudulent server. Your request can contain valuable information, and it does not matter if you discover the problem afterwards: the valuable information has already been passed to a criminal.

To prevent this, proper authentication steps must be taken. Both server and client must be properly identified as authorized to access the data. This is done using X.509 certificates. An X.509 certificate can identify a side (server or client) of the communication, and it can also contain supplementary information, for example a description of the scope of actions that the client is allowed to perform.

For information about certificates, see the Certificate basics article.

Download SecureBlackbox now.


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
