Re: open secure socket... using certificate

2021-02-02 Thread Richard Gaskin via use-livecode
If the goal were point-scoring gotchas, that I frequently advocate industry best practices for security redundancy might indeed seem out of place here. I am normally a belt-and-suspenders kinda guy, and I make no apologies for it. Those redundancies usually come up in discussions about

Re: open secure socket... using certificate

2021-02-02 Thread Tom Glod via use-livecode
Hahaha Richard, that was hilarious. :D Given I've given you next to no info on the use case, I understand why it may seem overkill, and maybe it is. A wise person once told me, and I'm paraphrasing, "you can't prevent everything so the task at hand is to make things harder and take

Re: open secure socket... using certificate

2021-02-01 Thread Richard Gaskin via use-livecode
Tom Glod wrote:
> Richard,
>
> Let's say one of my users is targeted by a hacker and they manage
> to install a malware process on their system that will capture all
> the data flowing between the 2 processes.
> Then they do not need to be sitting in the victim's chair.
> But if the data was

Re: open secure socket... using certificate

2021-02-01 Thread Tom Glod via use-livecode
Richard, Let's say one of my users is targeted by a hacker and they manage to install a malware process on their system that will capture all the data flowing between the 2 processes. Then they do not need to be sitting in the victim's chair. But if the data was encrypted, this wouldn't matter.

Re: open secure socket... using certificate

2021-02-01 Thread Richard Gaskin via use-livecode
Tom Glod wrote:
> On Fri, Jan 29, 2021 at 1:09 AM Richard Gaskin wrote:
>> The main benefit of encrypted sockets is to mitigate
>> man-in-the-middle attacks.
>>
>> If you have a man in the middle of processes on a local computer that
>> isn't you, it would seem you have bigger concerns. ;) ...

Re: open secure socket... using certificate

2021-01-29 Thread Tom Glod via use-livecode
Hi Richard...the man in the middle attack is exactly the thing I was thinking of.
On Fri, Jan 29, 2021 at 1:09 AM Richard Gaskin via use-livecode <use-livecode@lists.runrev.com> wrote:
> Tom Glod wrote:
>
> > Richard. in the labs .. I am testing the viability of using
> > Livecode as

Re: open secure socket... using certificate

2021-01-29 Thread e.beugelaar--- via use-livecode
2021 7:19:58 PM
To: How to use LiveCode
Cc: Bernard Devlin
Subject: Re: open secure socket... using certificate
Hi Richard
The idea of client certificates was why I was looking for this feature for the past 15 years. I know that PKI is complex but it is important (which is why browsers imple

Re: open secure socket... using certificate

2021-01-29 Thread Bernard Devlin via use-livecode
Hi Richard
The idea of client certificates was why I was looking for this feature for the past 15 years. I know that PKI is complex but it is important (which is why browsers implemented it decades ago). Even tsNet behaves very differently on Windows and OS X when it comes to server certificates

Re: open secure socket... using certificate

2021-01-29 Thread Richard Gaskin via use-livecode
Bernard Devlin wrote:
> On Thu, Jan 28, 2021 at 4:44 PM Richard Gaskin wrote:
>> Is this specific to the server "accept" not supporting SSL,
>> or something client-side?
>
> Hi Richard, it's client side.
>
> The project is a messaging app, principally for mobile. SSL/TLS
> certificates issued

Re: open secure socket... using certificate

2021-01-29 Thread Bernard Devlin via use-livecode
Hi Richard, it's client side. The project is a messaging app, principally for mobile. SSL/TLS certificates issued with client software enable servers to know that the connection is allowed at a network level before any user authentication. In the early stages of development it was simple enough

Re: open secure socket... using certificate

2021-01-28 Thread Richard Gaskin via use-livecode
Tom Glod wrote:
> Richard. in the labs .. I am testing the viability of using
> Livecode as ONLY a UI layer. So I have to find the fastest way of
> getting decrypted JSON data from Core process (Go binary) to the UI
> Layer that is a LC stack. SSL encryption/decryption adds overhead to

Re: open secure socket... using certificate

2021-01-28 Thread Bob Sneidar via use-livecode
With SSL the encryption occurs at the socket level, that is the socket is secured by virtue of its creation. With StartTLS, also an SSL protocol, the socket is first established, then a secure tunnel is created. (Transport Layer Security) My point? The socket connection itself does not need

Re: open secure socket... using certificate

2021-01-28 Thread Tom Glod via use-livecode
secure socket "livecode.com:443"
> > > >>
> > > >> Examples:
> > > >>
> > > >> https://livecode.fandom.com/wiki/Secure_socket
> > > >>
> > > >> -Original Message-
> > > >> Fr

Re: open secure socket... using certificate

2021-01-28 Thread Bob Sneidar via use-livecode
Agreed. All a cert does is guarantee (if I can use such a word in the security realm) that the current host is who they say they are. If simple encryption is needed, just do that. I use unsecured sockets in one of my libraries, but I encrypt the data before I send it, then decrypt it on the

Re: open secure socket... using certificate

2021-01-28 Thread Richard Gaskin via use-livecode
Bernard Devlin wrote:
> I feel like a sucker. I started on this project a few months ago on
> the assumption that socket certificates now worked as they'd been
> included in the Dictionary for years. I was away from development for
> a few years and hadn't noticed the complaints that the

Re: open secure socket... using certificate

2021-01-28 Thread Richard Gaskin via use-livecode
Tom Glod wrote:
> Wondering if it will be super hard to create certificate and make it
> work on localhost sockets.
Pardon my naivete, but what is the value of a secured socket in local socket comms?
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop,

RE: open secure socket... using certificate

2021-01-28 Thread Erik Beugelaar via use-livecode
januari 2021 11:48
To: How to use LiveCode
Cc: Bernard Devlin
Subject: Re: open secure socket... using certificate
Hi Tom
You shouldn't get any hopes up. I'd commented in the bug report in 2014 that this was something that we'd been told was coming back in the days of LC version 2. I think when

Re: open secure socket... using certificate

2021-01-27 Thread Bernard Devlin via use-livecode
> >>
> > >> secure socket "livecode.com:443"
> > >>
> > >> Examples:
> > >>
> > >> https://livecode.fandom.com/wiki/Secure_socket
> > >>
> > >> -Original Message-
> > >> From: us

Re: open secure socket... using certificate

2021-01-27 Thread Bernard Devlin via use-livecode
Thanks for confirming it Mark. I feel like a sucker. I started on this project a few months ago on the assumption that socket certificates now worked as they'd been included in the Dictionary for years. I was away from development for a few years and hadn't noticed the complaints that the

Re: open secure socket... using certificate

2021-01-26 Thread Mark Wieder via use-livecode
On 1/26/21 6:05 AM, Bernard Devlin via use-livecode wrote:
> Is it really the case that for the past 6 years LC documentation has been misleading people concerning the implementation of certificates for secure socket connections?
Sadly, yes. I notice in the Dictionary the entry for "open

Re: open secure socket... using certificate

2021-01-26 Thread Tom Glod via use-livecode
.com> wrote:
> >>
> >> Maybe this:
> >>
> >> secure socket "livecode.com:443"
> >>
> >> Examples:
> >>
> >> https://livecode.fandom.com/wiki/Secure_socket
> >>
> >> -Original Message-
> >> Fro

Re: open secure socket... using certificate

2021-01-26 Thread Brian Milby via use-livecode
>>
>> Examples:
>>
>> https://livecode.fandom.com/wiki/Secure_socket
>>
>> -Original Message-
>> From: use-livecode On Behalf Of
>> Bernard Devlin via use-livecode
>> Sent: dinsdag 26 januari 2021 16:40
>> To: How to us

Re: open secure socket... using certificate

2021-01-26 Thread Bernard Devlin via use-livecode
>
> Examples:
>
> https://livecode.fandom.com/wiki/Secure_socket
>
> -Original Message-
> From: use-livecode On Behalf Of
> Bernard Devlin via use-livecode
> Sent: dinsdag 26 januari 2021 16:40
> To: How to use LiveCode
> Cc: Bernard Devlin
> Subject: R

RE: open secure socket... using certificate

2021-01-26 Thread Erik Beugelaar via use-livecode
: Re: open secure socket... using certificate
I did. I tried these too:
open secure socket to "localhost:443" using certificate tc and key tk
open secure socket to "localhost:443" without verification using certificate tc and key tk
When the above lines ar

Re: open secure socket... using certificate

2021-01-26 Thread Bernard Devlin via use-livecode
I did. I tried these too:
open secure socket to "localhost:443" using certificate tc and key tk
open secure socket to "localhost:443" without verification using certificate tc and key tk
When the above lines are entered in the script editor they are flagged as being syntax errors. In

Re: open secure socket... using certificate

2021-01-26 Thread Brian Milby via use-livecode
Did you try with “and key tKey”... it does not look like that part is optional.
Sent from my iPhone
> On Jan 26, 2021, at 9:07 AM, Bernard Devlin via use-livecode
> wrote:
>
> According to the Dictionary in LC 9.5.1 there is this command:
>
> open secure socket [from

open secure socket... using certificate

2021-01-26 Thread Bernard Devlin via use-livecode
According to the Dictionary in LC 9.5.1 there is this command:
open secure socket [from [localHostName][:localPort]] [to] socketID [with message callbackMessage] [without verification] *[using certificate certificate and key key]*
However I can't get it to work.
open secure socket to