[twsocket] TWSocketServer and TWSocket Port
Hello all, If I have server and client component at one side, server and client component at the other side Side A: TWSocketServer and TWSocket == Acts as client Side B: TWSocketServer and TWSocket == Acts as server Side A connects automatically to the site B because site A is acting as client and site B is acting as Server. Now, Site B which is the server needs to have port 443 open (I am using SSL sockets in both sites) in order to be able to receive the client (site A). When the site A connects to the site B it informes ip and the port, can this informed port be used for connecting from site B to the site A (like reverse)? Here is the goal, I want to be able to avoid opening the ports at site A, I would like to use the same port which the site A uses when it connects to the site B. Could you please let me know if this is possible with SSL components? thanks -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
I would like to use the same port which the site A uses when it connects to the site B. Yes, you can have a same listening port at both sides. -- francois.pie...@overbyte.be http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
I would like to use the same port which the site A uses when it connects to the site B. Yes, you can have a same listening port at both sides. Thanks for the response. Yes, I know I can listen same ports but my question is, can I do that at Site A without opening any ports at the routers/firewalls? The goal is to have ports open only at site B which is the server. I am I am explaining this correct. Thanks -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
I would like to use the same port which the site A uses when it connects to the site B. Yes, you can have a same listening port at both sides. Thanks for the response. Yes, I know I can listen same ports but my question is, can I do that at Site A without opening any ports at the routers/firewalls? As soon as you have a listening port on a LAN accessible from the outside thru a firewall or NAT router, you have to open the port. The goal is to have ports open only at site B which is the server. The use only one socket and make all communications over that unique connection. No other choise in your situation. -- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
The use only one socket and make all communications over that unique connection. No other choise in your situation. Thanks Francois, Please do correct me if I am wrong. Now, You are saying that it is not possible to have only server port opened, I need to open port 443 in both sites. Site A port 443 need to be open from PC and from the firewall. Site B port 443 need to be open from PC and from firewall. If this is correct than, means there are no options to reverse the communication between the sockets and also means the client pc cannot be accessed in any ways. Means also, I cannot run remote client windows Command prompt from the server. Means also, I cannot use WMI to collect the client system info or modify the client system info. I am just hoping that I am totally wrong!! -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
Please do correct me if I am wrong. Now, You are saying that it is not possible to have only server port opened, I need to open port 443 in both sites. Site A port 443 need to be open from PC and from the firewall. Site B port 443 need to be open from PC and from firewall. No, I didn't meant to say that. I said: You can have a listing port 443 in Site A and/or in Side B as you like. As soon as you have a listening port on any side, then to be able to reach that port from the outside, you have to open the port in the firewall/router/whatever on the box which is on the physical link and also on the computer itself. This is not related to ICS but simply how TCP/IP networking works. If this is correct than, means there are no options to reverse the communication between the sockets and also means the client pc cannot be accessed in any ways. A client PC can never been reached. This is exactly what make the difference between a client and a server. A server is the one accepting incomming connections. The client is the one initiating outgoing connections. As far as firewall/routing is concerned, whatever the direction of a connection, the firewall/router must be configured to accept the connection. Usually all outgoing connections are open and all incomming connections are closed. Means also, I cannot run remote client windows Command prompt from the server. Not correct. The client can open the connection with the server. Then the server may send commands to the client, using the established connection, to instruct the client to run a command prompt (with appropriate I/O redirection so that input/output goes from/to the connection between client and server. Means also, I cannot use WMI to collect the client system info or modify the client system info. Not correct. I am just hoping that I am totally wrong!! Almost. I think you have not figured the software layers in your head. One thing is the link layer (the connection between client and server). Another think is the application layer (commands/responses transported by the link, in both direction) -- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli, bandWidthLimit ?
Dear Arno, Is it possible to have a date when you think that the bandwidth control will be available for POST method in HttpCli component ? I need this option, and my boss asks me if I can have a date when this option will be available. Many thanks for your help, Sincerely, Bruno Le 09/01/2011 04:12, Bruno Mannina a écrit : Le 08/01/2011 18:43, Arno Garrels a écrit : Bruno Mannina wrote: Le 08/01/2011 10:17, Arno Garrels a écrit : The bandwidth control is not very accurate and currently doesn't work with POST requests. Dear Arno, thanks for these informations, I use POST requests, so it's sad for me. In current ICSv7 there's a native throttle feature implemented at the TCustomWSocket level. The FTP client and server component already use that when BUILTIN_THROTTLE is defined. It's planed (and very easy) to change the THttpCli to use that code as well. Unfortunately currently I've no sparetime left to make it. I'm not a very good programmer so I will wait the next release. thx a lot, -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli, bandWidthLimit ?
Bruno Mannina wrote: Dear Arno, Is it possible to have a date when you think that the bandwidth control will be available for POST method in HttpCli component ? Currently I cannot give you a date, I'm still rather busy. I do not need this feature in my own projects, so any work on that was plain hobby, except your boss is willing to pay a small fee. Feel free to send me a private mail if that is an option and I'll send you an offer. Or maybe someone else can do it for free, the basics are already there and the TFtpCli source code can be taken as an example. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
(I am using SSL sockets in both sites) Why you insist in use SSL if the client and server applications are coded by you?!! Why use a standard that only exist because of the need to connect many different implementations of clients to many different implementations of servers? You will be much more secure if you encode your data, with your own method, using a much more powerful encrypt algorithm than the used by SSL. And you even get ride of third-party code, such as the OpenSSL DLLs. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
RTT wrote: (I am using SSL sockets in both sites) Why you insist in use SSL if the client and server applications are coded by you?!! Why use a standard that only exist because of the need to connect many different implementations of clients to many different implementations of servers? You will be much more secure if you encode your data, with your own method, using a much more powerful encrypt algorithm than the used by SSL. SSL/TLS aktually uses common, powerful and strong encryption algorithms. However secure peer to peer communication is much more than just that. SSL security includes, for instance, peer verification and protects against Man in the Middle attacks. http://en.wikipedia.org/wiki/Transport_Layer_Security http://en.wikipedia.org/wiki/Public-key_cryptography -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
(I am using SSL sockets in both sites) Why you insist in use SSL if the client and server applications are coded by you?!! Why use a standard that only exist because of the need to connect many different implementations of clients to many different implementations of servers? You will be much more secure if you encode your data, with your own method, using a much more powerful encrypt algorithm than the used by SSL. And you even get ride of third-party code, such as the OpenSSL DLLs. -- I Insist because I have no other options because I don't have knowledge of doing it in the other way. Is that clear enough for you? -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
Thanks Arno, Your answer is just a music to my ears :) RTT wrote: (I am using SSL sockets in both sites) Why you insist in use SSL if the client and server applications are coded by you?!! Why use a standard that only exist because of the need to connect many different implementations of clients to many different implementations of servers? You will be much more secure if you encode your data, with your own method, using a much more powerful encrypt algorithm than the used by SSL. SSL/TLS aktually uses common, powerful and strong encryption algorithms. However secure peer to peer communication is much more than just that. SSL security includes, for instance, peer verification and protects against Man in the Middle attacks. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
SSL/TLS aktually uses common, powerful and strong encryption algorithms. However secure peer to peer communication is much more than just that. SSL security includes, for instance, peer verification and protects against Man in the Middle attacks. Man in the Middle attacks don't work if the man in the middle don't know how to handle the encrypted data/protocol he is intercepting. Closed standards are inheritable much more secure than open standards. In this type of projects the use of the of this standard is wrong. He just don't need the SSL implementation complexity, nor the result slow to start communication, just to get his data secure. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
RTT wrote: SSL/TLS aktually uses common, powerful and strong encryption algorithms. However secure peer to peer communication is much more than just that. SSL security includes, for instance, peer verification and protects against Man in the Middle attacks. Man in the Middle attacks don't work if the man in the middle don't know how to handle the encrypted data/protocol he is intercepting. True, and how do you manage that is not happening? Closed standards are inheritable much more secure than open standards. That's nothing but security through obscurity: http://en.wikipedia.org/wiki/Security_through_obscurity In this type of projects the use of the of this standard is wrong. He just don't need the SSL implementation complexity, nor the result slow to start communication, just to get his data secure. I don't know what _he needs, if _you want to invent your own security standards feel free to do so. SSL/TLS is used and accepted world-wide. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] HttpAppServer, how to alter client.path
Hi, I'm trying to create nested virtual document names like for example: /Admin/Serverinfo I created an URLHandler for that HttpAppSrv.AddGetHandler('/Admin/ServerInfo', TUrlHandlerAdmin); Images for web page are contained in {docroot}/images directory In the template document I use relative path to images etc... But this way the browser requests images from {webroot}/Admin/images/... Is there a way to rewrite path, to get images from directory one level up? Or should I forget those fancy URLs? Thanks Peter -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpAppServer, how to alter client.path
I found AddGetAllowedPath in demo project. Is that something to to do with this? What is it doing? Not much comment about it in the source. Peter Hi, I'm trying to create nested virtual document names like for example: /Admin/Serverinfo I created an URLHandler for that HttpAppSrv.AddGetHandler('/Admin/ServerInfo', TUrlHandlerAdmin); Images for web page are contained in {docroot}/images directory In the template document I use relative path to images etc... But this way the browser requests images from {webroot}/Admin/images/... Is there a way to rewrite path, to get images from directory one level up? Or should I forget those fancy URLs? -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] sending jpg through httpserver
I am trying to send a jpg from delphi's tjpgImage to a client with the tHTTPServer component. Would like to keep it in a memory stream and not save to disk, but AnswerStream is not what it sounds like. Searched the archives but found little that was close to what I wanted. Still using ICS 5. Any ideas? ed -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpAppServer, how to alter client.path
Ok, it is working now. Just some missing slashes in path caused trouble. Peter I found AddGetAllowedPath in demo project. Is that something to to do with this? What is it doing? Not much comment about it in the source. Peter -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] sending jpg through httpserver
Hi Edwin, AnswerStream is just perfect for that. Here is how I send png. It is stored in FpngStream, which is also a TMemoryStream. I dont want it to be destroyed after sent. That is why I create an other memory stream and copy then content. ClientCnx.DocStream := TMemoryStream.Create; ClientCnx.DocStream.CopyFrom(TSessionData(SessionList[index]).FpngStream,0); ClientCnx.AnswerStream(Flags,'','image/png',''); Peter 2011.01.26. 22:53 keltezéssel, Edwin @ Clanhay írta: I am trying to send a jpg from delphi's tjpgImage to a client with the tHTTPServer component. Would like to keep it in a memory stream and not save to disk, but AnswerStream is not what it sounds like. Searched the archives but found little that was close to what I wanted. Still using ICS 5. Any ideas? ed -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
Man in the Middle attacks don't work if the man in the middle don't know how to handle the encrypted data/protocol he is intercepting. True, and how do you manage that is not happening? Can't be happening because the man in the middle can't generate valid data, or alter intercepted data maintaining its validity, if he can't break the encrypt algorithm in time to inject his packets of data. This is also valid for SSL. Closed standards are inheritable much more secure than open standards. That's nothing but security through obscurity: http://en.wikipedia.org/wiki/Security_through_obscurity That's just a theoretic argument, not an undoubted reality. In this type of projects the use of the of this standard is wrong. He just don't need the SSL implementation complexity, nor the result slow to start communication, just to get his data secure. I don't know what _he needs, if _you want to invent your own security standards feel free to do so. SSL/TLS is used and accepted world-wide. Neither do I, but I'm assuming he only need what a generic data communication service needs in terms of security. Pass data in a way it can't be tampered/understood, if intercepted by someone outside the communication points. I'm not replying to you, Arno, to be impertinent. Far from that. It's just my opinion that a symmetric keyed algorithm, such as AES or Blowfish, with a clever time volatile salt added to the key, is enough for this case in particular. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Another unicode issue
In HttpAppServer, URLHandler Call Client.AnswerPage(Flags,'','','template.html',nil,['SOMEKEY','A']); The value of SOMEKEY must be one character long. Result rendered in html page: Unsupported TVarRec.VType = vtWideChar Steps to reproduce in demo: Modify TUrlHandlerHomePageHtml to pass just one character for 'LOGIN' procedure TUrlHandlerHomePageHtml.Execute; begin if NotLogged then Exit; AnswerPage('', NO_CACHE, '/HomePage.html', nil, -- ['LOGIN', 'Q', //UrlLogin, 'COUNTER', UrlCounter, 'CONFIG', UrlConfigForm, 'COUNTERVIEW', UrlCounterViewHtml, 'USERCODE',SessionData.UserCode, 'LOGINTIME', DateToStr(SessionData.LogonTime)]); Finish; end; Result: ... a href=/CounterView.htmlCounter view/a (AJAX)br a href=mailer.html?testingSend Email Form/abr brbr Your are not demo ? a href=Unsupported TVarRec.VType = vtWideCharChange/a user. hr div align=center ... Peter -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
RTT, First, I am not building a bank system where I would need extremely high security. It is a very simple monitoring system. SSL is okay for this as far as I am concerned. You may be right or may not. For me the mosty important here is to learn one thing at a time. If I listen you, I have to start learning something else also. Your way of handling is not going to help me to understand the ICS sockets better it will make things more complicated and difficult. A question, Would you help me with few code examples if I do exactly what you are saying? No!! I didn't think so. My motto is, If you aren't gonna help, don't bother because I already have got too many ideas and ways to use as the blowfish which you are talking about is one of them. Right now, I don't need ideas which makes things more difficult and complicated, I only need help for learning the ICS socket communication. If you really want to help me, Post me few examples (don't explain) of how to? - Send command to the client socket by using it's computer name - Recieve WMI information from the client socket == I am not asking you to help with WMI, I can do it myself, all I need is how to connect to WMI from server socket to the client socket and receive the data. - How to handle the errors of sockets (example: if client loses the connection it gives error in the window, how this can be handled in the sockets). This samples could be uploaded to the ICS component site where every starter would have possibility to use them as help source. Thanks -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli, bandWidthLimit ?
Arno, in FtpCli unit there's quite large piece of code {$IFDEF UseBandwidthControl} FBandwidthCount := 0; // Reset byte counter if ftpBandwidthControl in FOptions then begin if not Assigned(FBandwidthTimer) then FBandwidthTimer := TIcsTimer.Create(Self); FBandwidthTimer.Enabled := FALSE; FBandwidthTimer.Interval := FBandwidthSampling; FBandwidthTimer.OnTimer := BandwidthTimerTimer; FBandwidthTimer.Enabled := TRUE; // Number of bytes we allow during a sampling period FBandwidthMaxCount := Int64(FBandwidthLimit) * FBandwidthSampling div 1000; FBandwidthPaused := FALSE; end; {$ENDIF} repeating 4 times in TCustomFtpCli.DataSocketGetSessionConnected TCustomFtpCli.DataSocketPutSessionConnected TCustomFtpCli.DataSocketGetSessionAvailable TCustomFtpCli.DataSocketPutSessionAvailable Shouldn't it be extracted into separate procedure? Bruno, using BUILTIN_THROTTLE it's quite easy to add bandwidth control, just add Socket.BandwidthLimit and Socket.BandwidthSampling assignment after socket creation and that's all. -- Anton -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer and TWSocket Port
RTT: Why you insist in use SSL if the client and server applications are coded by you?!! Why use a standard that only exist because of the need to connect many different implementations of clients to many different implementations of servers? It's easy to implement encryption but you'll have to add key exchange also and exclude possibility of key sniffing what is quite harder. -- Anton -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be