Darth Florus, Posted August 16, 2024

Hi Pals:

Because we are working with banks now, they (the banks) have so many heavy security policies to comply with. This includes the use of some specific ciphers that they approved because they were safer. As we all know, Indy uses the OpenSSL library to implement HTTPS, and normally OpenSSL is based on TLS-RSA encryption. Now there are more and newer secure ciphers that the banks implement.

We all know that basing developments on open source components is good, but it has the problem that they do not move at the same speed as commercial components, due to their work model, and in very strict environments this can represent a problem. That is precisely why for high-demand developments it is better to use Delphi than Lazarus, but as we all know that has a high commercial cost.

You may be wondering why I don't just use IIS to publish my web applications, which usually follows the security trends of banks. The reason is that this requires hiring a person with experience in the administration of this tool. Dealing with different Windows services and different TCP port numbers is much simpler, both for us and for our infrastructure clients who perform mapping work on their router/DNS.

We are currently developing other web services (REST servers) using Devart SecureBridge with excellent results, and it would be very convenient for us to be able to use it with UniGUI as an HTTP server instead of the Indy HTTP server. In the same way, there are other HTTP server components such as SecureBlackbox that are even better, and it would also be very interesting to be able to use UniGUI with these components.

Best Regards.
irigsoft, Posted August 16, 2024

5 hours ago, Darth Florus said: (the post quoted above)

Hello, I'm wondering what (where) the problem is with "Secure Black Box" being integrated into UniGUI? I am also looking for a solution to increase the security of my UniGUI application.

I see on the Secure Black Box website that:

"Security and Data Protection Components

Secure File Transfer: Support for all common file transfer protocols including FTP, SFTP, HTTP, and WebDAV. TLS 1.3 and TLS 1.2, EdDSA/ECC support, and more.

Advanced Certificate Support: Certificate Validation, Creation, and Storage. CRL Management and OCSP support.

All Major Document Protection Standards: CAdES, XAdES, Signing and Encryption support for PDF and Office documents. XML and OpenPGP Signing and Encryption.

Authorization & Authentication: SAML IdP (identity provider) and SP (service provider), OTP (one-time password), Client and Server components, KMIP, and more."

Do you want to have the same functionality with UniGUI?
Darth Florus (Author), Posted August 16, 2024

1 hour ago, irigsoft said: (the post quoted above)

I say this without the slightest intention of offending anyone. I simply wish UniGUI would support enforcing the HTTPS security certificates my clients provide me. These cipher issues and other security issues should not be my problem; I am an application developer, not a cybersecurity engineer.
irigsoft, Posted August 17, 2024

8 hours ago, Darth Florus said: I say this without the slightest intention of offending anyone. I simply wish UniGUI would support enforcing the HTTPS security certificates my clients provide me. These cipher issues and other security issues should not be my problem; I am an application developer, not a cybersecurity engineer.

Sorry if I was rude. I wanted to express my support for what you asked; I was just wondering if your interest was piqued by the things I listed.
Darth Florus (Author), Posted August 19, 2024

On 8/17/2024 at 12:51 AM, irigsoft said: Sorry if I was rude. I wanted to express my support for what you asked; I was just wondering if your interest was piqued by the things I listed.

I know Secure Black Box; we use it for other things too. But for UniGUI what I find most interesting would be "Advanced Certificate Support".
Fred Montier, Posted January 8

On 8/19/2024 at 4:27 PM, Darth Florus said: I know Secure Black Box; we use it for other things too. But for UniGUI what I find most interesting would be "Advanced Certificate Support".

You can easily integrate Chilkat into any Delphi project. I've done that, and they have the latest security stuff in all of it and for all platforms.

Don't separate Delphi from uniGUI. It's all Delphi first. So, if it isn't browser visual output, you can certainly use it, more so if it is an isolated DLL, like Chilkat. I see all this misconception between uniGUI <-> Delphi and what can be done. Simple rule: if it is a visual, I/O-dependent client-side task, it will not work. ALL, but all, other components you can put to work as long as you don't need to poke the client side with the browser dependency. Security and encryption are just a matter of choosing the best solution. Just be aware about auto-creating forms, and DM versus regular VCL form.

People built 75% of the whole internet in PHP (a script language) that only runs server-side! See the point? A LOT, but a LOT, of banks and financials run PHP and DLL ISAPI, Apache SO, or a parallel server one tier behind the entrance level. And when there is some fault, it is always an inside job or bad service design. Like this here. Same stuff: people complaining about the Indy solution and asking the uniGUI team to change it. Face palm here!

And last but not least, you can place another HTTP component (look for trade safety, and pick the better one) in uniGUI standalone. Since they are not on the same port... no problem. I have done just that in many projects: uniGUI does the visual browser/session stuff and the other server does some dirty job, but all server-side. No way someone invades or intercepts, because it is never serviced outside the machine. So, with some research, there is no problem with that.

And for sure, if the uniGUI team spends their precious time researching and developing these minor details, which can be solved by long-available solutions in Delphi, uniGUI's days are numbered. That really worries me. Because winter is coming!

Irigsoft is completely correct about that. Keep watching him; he is always on this subject, which is very important.
Darth Florus (Author), Posted April 1

I'm just saying there should be a way to separate the HTTP server from page generation, like IntraWeb has been doing for years. We've had a few months of stifling heat here (an average of 40 degrees every day), so I'm really looking forward to winter arriving.

Anyway, I've already found another way to improve security: using WAF servers and reverse proxies.

Best Regards to all.
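The reverse-proxy approach mentioned in the post above, as an added example that is not part of the original thread or of uniGUI itself: TLS is terminated at the proxy, so the certificate the bank issued and the cipher suites the bank approves are enforced there, regardless of which OpenSSL build the Indy server links against. Assumptions: nginx as the proxy, the standalone uniGUI service listening on 127.0.0.1:8077 (uniGUI's default standalone port, but check your ServerModule settings), the bank-issued certificate chain and key at the paths shown, and the hostname app.example.com. The cipher list is the Mozilla "intermediate" profile and is only a placeholder; replace it with the list the bank's policy actually approves.

```nginx
# Added example (not from the thread or from uniGUI): TLS termination in front
# of a standalone uniGUI/Indy server. Assumed: nginx, uniGUI on 127.0.0.1:8077,
# bank-issued certificate chain and key at the paths below, host app.example.com.
# Replace the cipher list with the one the bank's policy actually approves.

# Plain HTTP: redirect everything to HTTPS so nothing is served in the clear.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    # Certificate chain and private key supplied by the bank / client.
    ssl_certificate     /etc/nginx/tls/app.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;

    # Protocol and cipher policy live here, independent of Indy's OpenSSL build.
    # TLS 1.3 suites are fixed by nginx/OpenSSL; ssl_ciphers governs TLS 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_ecdh_curve X25519:secp256r1:secp384r1;

    # Session resumption without long-lived ticket keys (tickets off keeps
    # forward secrecy per session on the default nginx key handling).
    ssl_session_timeout 1d;
    ssl_session_cache shared:unigui_tls:10m;
    ssl_session_tickets off;

    # OCSP stapling: the proxy fetches revocation status so browsers need not.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/tls/chain.pem;

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff always;

    location / {
        # The uniGUI listener is reached over loopback only.
        proxy_pass http://127.0.0.1:8077;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # uniGUI sessions poll with long-running AJAX calls; avoid premature cuts.
        proxy_read_timeout 300s;
    }
}
```

Two checks a practitioner would run before handing this to the bank: make sure port 8077 is bound to 127.0.0.1 or blocked by the host firewall, otherwise the Indy listener with its own OpenSSL configuration is still reachable and the proxy policy means nothing; and verify the exposed policy from outside, for example `openssl s_client -connect app.example.com:443 -tls1_1` must fail while `nmap --script ssl-enum-ciphers -p 443 app.example.com` must list only the approved suites. Two caveats: the hop from nginx to Indy is plaintext on loopback, so if the bank requires encryption in transit even inside the host, keep HTTPS enabled on the Indy side and use `proxy_pass https://127.0.0.1:8077`; and the application will see 127.0.0.1 as the client address unless it reads the X-Forwarded-For header set above.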
Fred Montier, Posted May 29

On 4/1/2025 at 5:39 PM, Darth Florus said: ...HTTP server from page generation, like IntraWeb has been doing for years.

That is new for me. Coming from IntraWeb for more than 15 years, I did not know that it could work stateless. If it is like that, it is better than Node.js, agree? Wait...
Fred Montier, Posted June 8

On 4/1/2025 at 5:39 PM, Darth Florus said: I'm just saying there should be a way to separate the HTTP server from page generation, like IntraWeb has been doing for years. We've had a few months of stifling heat here (an average of 40 degrees every day), so I'm really looking forward to winter arriving. Anyway, I've already found another way to improve security: using WAF servers and reverse proxies. Best Regards to all.

In the ServerModule, handle it at Document / Command and change the Handled flag to true: you've got a whole server all for yourself. That is the simplest way to create a REST or API server in 2 minutes. You also should know that you can run any other server (like the TIdHTTPServer on another port) and do whatever you want, right?