Re: open secure socket... using certificate

2021-02-02 Thread Richard Gaskin via use-livecode
If the goal were point-scoring gotchas, that I frequently advocate industry best practices for security redundancy might indeed seem out of place here. I am normally a belt-and-suspenders kinda guy, and I make no apologies for it. Those redundancies usually come up in discussions about

Re: open secure socket... using certificate

2021-02-02 Thread Tom Glod via use-livecode
Hhahah Richard, that was hilarious. :D Given I've given you next to no info on the use case, I understand why it may seem overkill, and maybe it is. A wise person once told me and I'm paraphrasing. " you can't prevent everything so the task at hand is to make things harder and take

Re: open secure socket... using certificate

2021-02-01 Thread Richard Gaskin via use-livecode
Tom Glod wrote: > Richard, > > Lets say one of my users is targeted by a hacker and they manage > to install a malware process on their system that will capture all > the data flowing between the 2 processes. > Then they do not need to be sitting in the victim's chair. > But if the data was

Re: open secure socket... using certificate

2021-02-01 Thread Tom Glod via use-livecode
Richard, Lets say one of my users is targetted by a hacker and they manage to install a malware process on their system that will capture all the data flowing between the 2 processes. Then they do not need to be sitting in the victim's chair. But if the data was encrypted, this wouldn't matter.

Re: open secure socket... using certificate

2021-02-01 Thread Richard Gaskin via use-livecode
Tom Glod wrote: > On Fri, Jan 29, 2021 at 1:09 AM Richard Gaskin wrote: >> The main benefit of encrypted sockets is to mitigate man-in-the- >> middle attacks. >> >> If you have a man in the middle of processes on a local computer that >> isn't you, it would seem you have bigger concerns. ;) ...

Re: open secure socket... using certificate

2021-01-29 Thread Tom Glod via use-livecode
Hi Richard...the man in the middle attack is exactly the thing I was thinking of. On Fri, Jan 29, 2021 at 1:09 AM Richard Gaskin via use-livecode < use-livecode@lists.runrev.com> wrote: > Tom Glod wrote: > > > Richard. in the labs .. I am testing the viability of using > > Livecode as

Re: open secure socket... using certificate

2021-01-29 Thread e.beugelaar--- via use-livecode
2021 7:19:58 PM To: How to use LiveCode Cc: Bernard Devlin Subject: Re: open secure socket... using certificate Hi Richard The idea of client certificates was why I was looking for this feature for the past 15 years. I know that PKI is complex but it is important (which is why browsers imple

Re: open secure socket... using certificate

2021-01-29 Thread Bernard Devlin via use-livecode
Hi Richard The idea of client certificates was why I was looking for this feature for the past 15 years. I know that PKI is complex but it is important (which is why browsers implemented it decades ago). Even tsNet behaves very differently on Windows and OS X when it comes to server certificates

Re: open secure socket... using certificate

2021-01-29 Thread Richard Gaskin via use-livecode
Bernard Devlin wrote: > On Thu, Jan 28, 2021 at 4:44 PM Richard Gaskin wrote: >> Is this specific to the server "accept" not supporting SSL, >> or something client-side? > > Hi Richard, it's client side. > > The project is a messaging app, principally for mobile. SSL/TLS > certificates issued

Re: open secure socket... using certificate

2021-01-29 Thread Bernard Devlin via use-livecode
Hi Richard, it's client side. The project is a messaging app, principally for mobile. SSL/TLS certificates issued with client software enable servers to know that the connection is allowed at a network level before any user authentication. In the early stages of development it was simple enough

Re: open secure socket... using certificate

2021-01-28 Thread Richard Gaskin via use-livecode
Tom Glod wrote: > Richard. in the labs .. I am testing the viability of using > Livecode as ONLY a UI layer. So I have to find the fastest way of > getting decrypted JSON data from Core process (Go binary) to the UI > Layer that is a LC stack. SLL encryption/decryption adds overhead to

Re: open secure socket... using certificate

2021-01-28 Thread Bob Sneidar via use-livecode
With SSL the encryption occurs at the socket level, that is the socket is secured by virtue of it’s creation. With StartTLS, also an SSL protocol, the socket is first established, then a secure tunnel is created. (Transport Layer Security) My point? The socket connection itself does not need

Re: open secure socket... using certificate

2021-01-28 Thread Tom Glod via use-livecode
secure socket "livecode.com:443" > > > >> > > > >> Examples: > > > >> > > > >> https://livecode.fandom.com/wiki/Secure_socket > > > >> > > > >> -Original Message- > > > >> Fr

Re: open secure socket... using certificate

2021-01-28 Thread Bob Sneidar via use-livecode
Agreed. All a cert does is guarantee (if I can use such a word in the security realm) that the current host is who they say they are. If simple encryption is needed, just do that. I use unsecured sockets in one of my libraries, but I encrypt the data before I send it, then decrypt it on the

Re: open secure socket... using certificate

2021-01-28 Thread Richard Gaskin via use-livecode
Bernard Devlin wrote: > I feel like a sucker. I started on this project a few months ago on > the assumption that socket certificates now worked as they'd been > included in the Dictionary for years. I was away from development for > a few years and hadn't noticed the complaints that the

Re: open secure socket... using certificate

2021-01-28 Thread Richard Gaskin via use-livecode
Tom Glod wrote: > Wondering if it will be super hard to create certificate and make it > work on localhost sockets. Pardon my naivete, but what is the value of a secured socket in local socket comms? -- Richard Gaskin Fourth World Systems Software Design and Development for the Desktop,

RE: open secure socket... using certificate

2021-01-28 Thread Erik Beugelaar via use-livecode
januari 2021 11:48 To: How to use LiveCode Cc: Bernard Devlin Subject: Re: open secure socket... using certificate Hi Tom You shouldn't get any hopes up. I'd commented in the bug report in 2014 that this was something that we'd been told was coming back in the days of LC version 2. I think when

Re: open secure socket... using certificate

2021-01-27 Thread Bernard Devlin via use-livecode
> >> > > >> secure socket "livecode.com:443" > > >> > > >> Examples: > > >> > > >> https://livecode.fandom.com/wiki/Secure_socket > > >> > > >> -Original Message- > > >> From: us

Re: open secure socket... using certificate

2021-01-27 Thread Bernard Devlin via use-livecode
Thanks for confirming it Mark. I feel like a sucker. I started on this project a few months ago on the assumption that socket certificates now worked as they'd been included in the Dictionary for years. I was away from development for a few years and hadn't noticed the complaints that the

Re: open secure socket... using certificate

2021-01-26 Thread Mark Wieder via use-livecode
On 1/26/21 6:05 AM, Bernard Devlin via use-livecode wrote: Is it really the case that for the past 6 years LC documentation has been misleading people concerning the implementation of certificates for secure socket connections? Sadly, yes. I notice in the Dictionary the entry for "open

Re: open secure socket... using certificate

2021-01-26 Thread Tom Glod via use-livecode
.com> wrote: > >> > >> Maybe this: > >> > >> secure socket "livecode.com:443" > >> > >> Examples: > >> > >> https://livecode.fandom.com/wiki/Secure_socket > >> > >> -Original Message- > >> Fro

Re: open secure socket... using certificate

2021-01-26 Thread Brian Milby via use-livecode
quot; >> >> Examples: >> >> https://livecode.fandom.com/wiki/Secure_socket >> >> -Original Message- >> From: use-livecode On Behalf Of >> Bernard Devlin via use-livecode >> Sent: dinsdag 26 januari 2021 16:40 >> To: How to us

Re: open secure socket... using certificate

2021-01-26 Thread Bernard Devlin via use-livecode
; > > Examples: > > https://livecode.fandom.com/wiki/Secure_socket > > -Original Message- > From: use-livecode On Behalf Of > Bernard Devlin via use-livecode > Sent: dinsdag 26 januari 2021 16:40 > To: How to use LiveCode > Cc: Bernard Devlin > Subject: R

RE: open secure socket... using certificate

2021-01-26 Thread Erik Beugelaar via use-livecode
: Re: open secure socket... using certificate I did. I tried these too: *open* *secure* socket to "localhost:443" using certificate tc and key tk *open* *secure* socket to "localhost:443" without verification using certificate tc and key tk When the above lines ar

Re: open secure socket... using certificate

2021-01-26 Thread Bernard Devlin via use-livecode
I did. I tried these too: *open* *secure* socket to "localhost:443" using certificate tc and key tk *open* *secure* socket to "localhost:443" without verification using certificate tc and key tk When the above lines are entered in the script editor they are flagged as being syntax errors. In

Re: open secure socket... using certificate

2021-01-26 Thread Brian Milby via use-livecode
Did you try with “and key tKey”... it does not look like that part is optional. Sent from my iPhone > On Jan 26, 2021, at 9:07 AM, Bernard Devlin via use-livecode > wrote: > > According to the Dictionary in LC 9.5.1 there is this command: > > open secure socket [from