Security Measures for Network Programs Written in Delphi

zhaozj 2021-02-17


Delphi's MIDAS components provide a very convenient means of writing network programs. With these components you can write a client/server system for a local area network, and you can just as easily build a distributed application on the Internet.

An important issue for network programs is security. Sensitive data transmitted over the network may be illegally intercepted, causing unnecessary losses. In actual programming work I have adopted some effective preventive measures, which are briefly introduced here.

First, principle

There are many ways to encrypt data and so protect it. However, if a fixed key is used, or the key is transmitted together with the data, satisfactory confidentiality cannot be achieved. In practice, I worked out a random-key method based on a "request-answer" mode, which protects passwords and data very satisfactorily.

When the client program starts and attempts to establish a connection with the server program, the client first obtains from the server a random string generated by the server program, and uses this string as the key when transmitting the user's login password and data. Since the key is randomly generated by the server program and is different for each client, the possibility of data being stolen because a password was intercepted is greatly reduced.

The server side can expose a custom interface in the remote data module that returns a random string. The remote data module records the string as the key for subsequent processing. The random string can be generated in various ways; the easiest is to generate a random number with the Random() function and turn it into a string with the Format() function or IntToStr().

Second, user login measures

In order to prevent the password from leaking through unauthorized debugging of the program, the customer's login information must be processed on the server side, or a security layer can be added to the customer's login. The customer's login information is stored in the customer data table, including the username, password, permissions and so on.

When the client logs in, it first calls the server program's interface to obtain the key string, uses this key to encrypt the username and password entered by the user, and sends the login information to the server. The encryption algorithm can be DES or another effective algorithm. After the server receives the login information, it first decrypts it with the random key it generated and recorded, and then compares the decrypted information with the information stored in the customer data table, to determine whether the customer's information is valid and what data permissions the customer has.

The client side of the process is as follows:

    StrKey := MyRemoteServer.GetKey;
    {Call the server interface to get a random key}
    UserName := Ency(StrUserName, StrKey);
    {Encrypt the username; Ency() is the encryption algorithm}
    Password := Ency(StrPassword, StrKey);
    {Encrypt the login password}
    if MyRemoteServer.Login(UserName, Password) then {Log in}
    begin
      {Processing after a successful login}
    end;

The login procedure Login() is as follows:

    StrUserName := DeEncy(UserName, StrKey);
    {Decrypt the username; DeEncy() is the decryption algorithm}
    StrPassword := DeEncy(Password, StrKey);
    {Decrypt the login password}
    {Query the database}
    if Pass then
      Result := True
    else
      Result := False;

Note that StrKey should be defined as a global variable in both the server program and the client program.
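The request-answer exchange from the principle and login sections, written out as an added example (not the article's own code): each session gets its own key from GetKey, so login ciphertext captured in one session is rejected in another. TSessionModule, the XOR placeholder used for Ency()/DeEncy() and the account alice/s3cret are assumptions made for the demonstration.

```delphi
program RequestAnswerDemo;
{$APPTYPE CONSOLE}
uses SysUtils;

type
  TSessionModule = class  { hypothetical stand-in: one remote data module per client }
    FKey: string;
    function GetKey: string;
    function Login(const EncUser, EncPass: string): Boolean;
  end;

{ Placeholder for the page's Ency()/DeEncy(): XOR with the key, hex-encoded.
  ASCII only and not a real cipher; it only keeps the demo self-contained. }
function Ency(const Plain, Key: string): string;
var I: Integer;
begin
  Result := '';
  for I := 1 to Length(Plain) do
    Result := Result +
      IntToHex(Ord(Plain[I]) xor Ord(Key[(I - 1) mod Length(Key) + 1]), 2);
end;

function DeEncy(const Cipher, Key: string): string;
var I: Integer;
begin
  Result := '';
  for I := 1 to Length(Cipher) div 2 do
    Result := Result + Chr(StrToIntDef('$' + Copy(Cipher, 2 * I - 1, 2), 0)
      xor Ord(Key[(I - 1) mod Length(Key) + 1]));
end;

function TSessionModule.GetKey: string;
begin  { Random() as on the page; predictable, so real servers need an OS CSPRNG }
  FKey := Format('%.8x%.8x', [Random(MaxInt), Random(MaxInt)]);
  Result := FKey;
end;

function TSessionModule.Login(const EncUser, EncPass: string): Boolean;
begin  { constructed account stands in for the customer table query }
  Result := (FKey <> '') and (DeEncy(EncUser, FKey) = 'alice')
    and (DeEncy(EncPass, FKey) = 's3cret');
end;

var A, B: TSessionModule; Key, User, Pass: string;
begin
  Randomize;
  A := TSessionModule.Create; B := TSessionModule.Create;
  Key := A.GetKey; User := Ency('alice', Key); Pass := Ency('s3cret', Key);
  Writeln('login in session A: ', A.Login(User, Pass));
  B.GetKey;  { session B receives a different random key }
  Writeln('same ciphertext replayed in session B: ', B.Login(User, Pass));
  A.Free; B.Free;
end.
```

The first line printed is TRUE and the second FALSE. The key returned by GetKey crosses the same network as the login, so the scheme depends on that reply not being readable by whoever captures the ciphertext.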

In order to prevent the customer information table from being opened outside the program, some encryption can be applied to the customer data itself; for example, a Paradox table can be given a password, which the server program supplies when it accesses the customer data table.

Third, data transfer

In a network program, some sensitive data must be encrypted when it is transmitted over the network. Delphi's MIDAS mechanism provides for data encryption: some fields can be encrypted before the data is sent to the client, and the corresponding fields in the client's data can be decrypted after the client's update request is received, before the database is updated. To do this, add a TProvider or TDataSetProvider object to the remote data module of the server program, and set the DataSet property of this object to the dataset to be processed. Add the following code to the TProvider's OnGetData event:

    with DataSet do
    begin
      while not Eof do
      begin
        Edit;
        SensitiveData.AsString := Ency(SensitiveData.AsString, StrKey);
        {Encrypt the sensitive data}
        Post;
        Next;
      end;
    end;

With the above code, the sensitive data is encrypted before it is sent to the client program.

Similarly, add processing code in the TProvider's OnUpdateData event to decrypt the data sent by the client.

The above only introduces the general principles of security measures for network programs. On this basis, other confidentiality measures can be added to achieve better confidentiality. For example, a client program can increase security with a specific auxiliary hardware device. In a smart card application, the client not only requires the user to enter a username and password, but at the same time checks the type and specific content of the IC card in the IC card reader, so that a leaked password cannot be used to log in under someone else's name. Of course, no security measure is absolutely safe; security measures only truly work when backed by a strict confidentiality system and a strong sense of confidentiality among users.
