Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: indy 10 securing connection


This question is answered.


Permlink Replies: 6 - Last Post: Jul 9, 2014 11:20 PM Last Post By: Davor Nikolic
Davor Nikolic

Posts: 6
Registered: 10/22/10
indy 10 securing connection  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jul 7, 2014 3:50 AM
I have an IdHTTPClient wich sends data to IdHTTPServer and everything works ok.
They use port 5099. How is the easiest way to secure that connection and to stay using that port?
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: indy 10 securing connection  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jul 7, 2014 10:18 AM   in response to: Davor Nikolic in response to: Davor Nikolic
Davor wrote:

I have an IdHTTPClient wich sends data to IdHTTPServer and
everything works ok. They use port 5099.

Why are they using a non-standard port?

How is the easiest way to secure that connection and to stay
using that port?

Typically encrypted HTTPS (HTTP over SSL) would be used instead of non-encrypted
HTTP. But of course, that requires the server to use SSL on that port.
If that is not an option, you would have to encrypt the data being sent over
non-encrypted HTTP, and the server would have to decrypt it once received.

--
Remy Lebeau (TeamB)
Davor Nikolic

Posts: 6
Registered: 10/22/10
Re: indy 10 securing connection  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jul 8, 2014 12:01 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Davor wrote:

I have an IdHTTPClient wich sends data to IdHTTPServer and
everything works ok. They use port 5099.

Why are they using a non-standard port?

Why not. Program is installed on many different computers so i would like to use non-standard port for that.
Is that possible?


How is the easiest way to secure that connection and to stay
using that port?

Typically encrypted HTTPS (HTTP over SSL) would be used instead of non-encrypted
HTTP. But of course, that requires the server to use SSL on that port.
If that is not an option, you would have to encrypt the data being sent over
non-encrypted HTTP, and the server would have to decrypt it once received.

SSL is just fine. I have read many messages on this forum for Indy with SSL.
It all comes to using IOHandler and IdServerIOHandlerSSL.
Do I use it only for IdHTTPServer or also i need to use SSLHandler for IdHTTP client?

Is there any example (complete project in zip file) of using SSL? Do you have link, please.

--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: indy 10 securing connection
Helpful
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jul 8, 2014 11:40 AM   in response to: Davor Nikolic in response to: Davor Nikolic
Davor wrote:

Why not. Program is installed on many different computers so i would
like to use non-standard port for that.

Doing so requires firewalls and routers to be configured accordingly. Most
are already pre-configured to allow HTTP(S) traffic.

Is that possible?

Possible, yes. Recommended, no. There is a reason ports are standardized.

SSL is just fine. I have read many messages on this forum for Indy
with SSL. It all comes to using IOHandler and IdServerIOHandlerSSL.
Do I use it only for IdHTTPServer or also i need to use SSLHandler for
IdHTTP client?

You have to enable SSL on both ends.

Is there any example (complete project in zip file) of using SSL?
Do you have link, please.

Not an example project, no. But there is really not alot to it. At a minimum:

1. assign a TIdSSLIOHandlerSocketOpenSSL to the TIdHTTP.IOHandler property

2. assign a TIdServerIOHandlerSSLOpenSSL to the TIdHTTPServer.IOHandler property

3. on the server side, use the TIdHTTPServer.OnQuerySSLPort event to enable/disable
SSL based on which port a client connected to.

4. on the client side, specify an HTTPS url when you want to use SSL, and
specify an HTTP url otherwise. If you use non-standard ports then you must
specify the port in the url either way.

--
Remy Lebeau (TeamB)
Davor Nikolic

Posts: 6
Registered: 10/22/10
Re: indy 10 securing connection  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jul 9, 2014 12:05 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Davor wrote:

Is there any example (complete project in zip file) of using SSL?
Do you have link, please.

Not an example project, no. But there is really not alot to it. At a minimum:

1. assign a TIdSSLIOHandlerSocketOpenSSL to the TIdHTTP.IOHandler property

2. assign a TIdServerIOHandlerSSLOpenSSL to the TIdHTTPServer.IOHandler property

3. on the server side, use the TIdHTTPServer.OnQuerySSLPort event to enable/disable
SSL based on which port a client connected to.

4. on the client side, specify an HTTPS url when you want to use SSL, and
specify an HTTP url otherwise. If you use non-standard ports then you must
specify the port in the url either way.

Do I need certificates? Can I secure connection without them?

What is minimal certificates I need (if I need them)?

--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: indy 10 securing connection
Correct
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jul 9, 2014 1:13 PM   in response to: Davor Nikolic in response to: Davor Nikolic
Davor wrote:

Do I need certificates?

Certificates are optional. They serve to provide identity protection, so
the client and server can verify that they are talking to who they think
they are talking to, to avoid man-in-the-middle attackers. Certificates
do not apply to the encryption portion of SSL, though.

Can I secure connection without them?

Yes, provided you can ensure that no MITM can exist in between your client
and your server.

--
Remy Lebeau (TeamB)
Davor Nikolic

Posts: 6
Registered: 10/22/10
Re: indy 10 securing connection  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jul 9, 2014 11:20 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Thank you for clearifiying things for me.

Remy Lebeau (TeamB)
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02