[This message was posted by joel louis of <louisj...@gmail.com> to the "4.0 Session" discussion forum at http://fixprotocol.org/discuss/12. You can reply to it on-line at http://fixprotocol.org/discuss/read/af82d462 - PLEASE DO NOT REPLY BY MAIL.]
Hi Sakira,

You're right, encrypted password and encrypted logon in FIX are not secure, especially using cleartext. But there are a few measures you can put in place to secure your connection. The use of a VPN is one of them; it just depends on how strong your key is. There is a very, very helpful forum already opened by Ryan Pierce about encryption; the title is "Information security", and there is a link there to direct you to more useful documentation.

> So basically it gives you a rudimentary sort of validation. Isn't it
> possible for someone to sniff the sessionID and then disguise as that
> party? It is my assumption that the communication is usually over
> VPN-based networks and not really over the www, because I am not sure
> how this is secure.
>
> > Hi Sakira,
> >
> > The theory behind this is for the initiator to check if the connection
> > is up (if this is the first connection with the acceptor for the day),
> > the initiator will expect a sequence 1. Yes, it is a low level socket
> > acceptance. The logon message must be the first message sent by the
> > application requesting to initiate a FIX session. There are a few tags
> > there, but as far as I know there should be Tags 108, 95, 96, 98. Upon
> > receipt of a Logon message, the session acceptor will authenticate the
> > party requesting connection and issue a Logon message as
> > acknowledgment that the connection request has been accepted. The
> > acknowledgment Logon can also be used by the initiator to validate
> > that the connection was established with the correct party.
> >
> > Check this http://www.transacttools.net/ttportal/datadict/browser.jsp
> > it may help.
> >
> > Joel
> >
> > > I am looking at the examples given in quickJ and I am sort of confused.
> > > Can you confirm my understanding of session creation, logon
> > >
> > > - Initiator first initiates the connection. My question is what
> > >   information is sent here [in other words, what tags]. Is this just
> > >   the low level socket acceptance between initiator and the
> > >   acceptor?
> > > - Why is the session established first and then the logon [35=A]
> > >   established second? Does the session ID need to change, because I
> > >   don't think you can use the same session ID before authentication
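The checks discussed in this thread, as an added example that is not part of the original posts or of any FIX engine: a minimal Python audit an acceptor could run on the first message of a session. The function names, finding names, CompIDs and sample message are constructed for illustration, and tags 8, 9, 10, 34, 49, 52 and 56 are standard FIX header/trailer fields not named in the thread.

```python
SOH = "\x01"  # FIX field delimiter

def build(fields, begin="FIX.4.0"):
    """Assemble a message with correct BodyLength (9) and CheckSum (10)."""
    body = "".join(f"{tag}={val}{SOH}" for tag, val in fields)
    head = f"8={begin}{SOH}9={len(body)}{SOH}"
    checksum = sum((head + body).encode("ascii")) % 256
    return f"{head}{body}10={checksum:03d}{SOH}"

def audit_logon(raw, expected_sender, expected_seq=1):
    """Return findings for the first message of a session; [] means clean.
    Simplification: splits on SOH, so RawData (96) must not contain SOH."""
    findings = []
    msg = dict(f.partition("=")[::2] for f in raw.split(SOH) if f)
    # CheckSum covers every byte up to and including the SOH before "10=".
    trailer = raw.rfind(SOH + "10=") + 1
    cks = msg.get("10", "")
    actual = sum(raw[:trailer].encode("ascii", "replace")) % 256
    if not cks.isdigit() or actual != int(cks):
        findings.append("bad-checksum")
    if msg.get("35") != "A":            # Logon must be the first message
        findings.append("first-message-not-logon")
    if msg.get("49") != expected_sender:  # is this the party we expect?
        findings.append("unexpected-sender")
    if msg.get("34") != str(expected_seq):  # first connection of the day: 1
        findings.append("unexpected-seqnum")
    if "108" not in msg:                # HeartBtInt
        findings.append("missing-heartbtint")
    if msg.get("98") == "0":            # EncryptMethod 0 = none
        findings.append("no-fix-encryption")
        if "96" in msg:                 # RawData sent as-is on the wire
            findings.append("cleartext-rawdata")
    return findings

# Constructed sample: CompIDs, timestamp and RawData value are made up.
SAMPLE = build([("35", "A"), ("49", "BUYSIDE"), ("56", "BROKER"), ("34", "1"),
                ("52", "20080101-09:00:00"), ("98", "0"), ("108", "30"),
                ("95", "6"), ("96", "secret")])

if __name__ == "__main__":
    print(audit_logon(SAMPLE, "BUYSIDE"))
```

A SenderCompID match only shows that the peer knows the expected identifier; with 98=0 everything in the Logon is readable on the wire, which is why the thread points to a VPN for the transport.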