Security measures for writing network programs in Delphi
Delphi's MIDAS components provide a very convenient way to write network programs. With them you can write client/server programs on a local area network and easily build distributed applications over the Internet.
An important issue with network programs is security. Sensitive data transmitted over the network may be intercepted, causing unnecessary losses. During actual programming I took some effective preventive measures, which I briefly introduce here.
1. Principle
Currently there are many data encryption methods, and each protects data to some degree. However, if a fixed key is used, or the key is transmitted together with the data, satisfactory confidentiality cannot be achieved. In practice I worked out a random-key scheme in "request-response" mode that keeps passwords and data confidential to my satisfaction.
When the client program starts and attempts to establish a connection with the server program, it first obtains from the server a random string generated by the server program. The system uses this string as the key for transmitting the user's login password and data. Because the key is generated randomly by the server, it differs on every login, which greatly reduces the chance that an intercepted password leads to data theft.
On the server, a custom interface method that returns a random string can be added to the remote data module. The remote data module must record this string, since it is the key for all subsequent processing. The random string can be generated in various ways; the simplest is to call Random() to obtain a random number and then turn it into a string with Format() or IntToStr().
2. User login measures
To prevent the program from being debugged illegally and thereby leaking the password, the client's login information must be processed on the server side, or a dedicated security layer can be added that is responsible for client logins. The client's login information is stored in the customer information table, which holds the user name, password, permissions and other information.
When the client program logs in, it first calls the server program's interface to obtain the key string, encrypts the user name and password entered by the user with this key, and sends the login information to the server. The encryption algorithm can be DES or any other effective algorithm. After receiving the login information, the server first decrypts it with the random key it generated and recorded earlier, then compares the decrypted values with the stored customer information table to decide whether the client is legitimate and which data permissions it has.
The client program for this process is as follows:
strKey := myRemoteServer.GetKey();
{Call the server's interface to obtain a random key}
UserName := Ency(strUserName, strKey);
{Encrypt the user name; Ency() is the encryption algorithm}
Password := Ency(strPassword, strKey);
{Encrypt the login password}
if myRemoteServer.LogIn(UserName, Password) then {Login}
begin
  {process}
end;
The server-side login process LogIn() is as follows:
strUserName := DeEncy(UserName, strKey);
{Decrypt the user name; DeEncy() is the decryption algorithm}
strPassword := DeEncy(Password, strKey);
{Decrypt the login password}
{Query the customer information table}
if Pass then
  Result := True
else
  Result := False;
Note that strKey must be defined as a global variable in both the server program and the client program.
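The exchange described in sections 1 and 2, as one runnable Free Pascal console program added here (it is not the article's code): a single process plays both the client and the remote data module, so GetKey, Ency/DeEncy and LogIn can be exercised without MIDAS. The class TRemoteServer, the sample customer rows, and the hex-encoded XOR used for Ency/DeEncy are all constructed for this example; the XOR is only a placeholder for the DES the article mentions and is not a secure cipher.

```pascal
program LoginKeyExchangeDemo;
{$mode delphi}
uses
  SysUtils;

{ Constructed stand-in for the article's Ency()/DeEncy(): a keyed XOR whose
  output is hex-encoded so it survives string fields. Placeholder only. }
function Ency(const Plain, Key: string): string;
var i: Integer;
begin
  if Key = '' then
    raise Exception.Create('Ency: empty key');
  Result := '';
  for i := 1 to Length(Plain) do
    Result := Result + IntToHex(Ord(Plain[i]) xor Ord(Key[(i - 1) mod Length(Key) + 1]), 2);
end;

function DeEncy(const Cipher, Key: string): string;
var i: Integer;
begin
  if (Key = '') or (Length(Cipher) mod 2 <> 0) then
    raise Exception.Create('DeEncy: bad key or ciphertext');
  Result := '';
  for i := 1 to Length(Cipher) div 2 do
    Result := Result + Chr(StrToInt('$' + Copy(Cipher, 2 * i - 1, 2))
                           xor Ord(Key[(i - 1) mod Length(Key) + 1]));
end;

type
  TCustomer = record
    Name, Password: string;   // one row of the customer information table
  end;

  { Plays the remote data module: GetKey is the custom interface method,
    LogIn the server-side check, FKey the recorded per-session key. }
  TRemoteServer = class
  private
    FKey: string;
    FTable: array of TCustomer;
  public
    constructor Create;
    function GetKey: string;
    function LogIn(const UserName, Password: string): Boolean;
  end;

constructor TRemoteServer.Create;
begin
  SetLength(FTable, 2);   // constructed sample rows
  FTable[0].Name := 'alice'; FTable[0].Password := 'Secret#1';
  FTable[1].Name := 'bob';   FTable[1].Password := 'Pass#2';
end;

function TRemoteServer.GetKey: string;
var i: Integer;
begin
  FKey := '';
  for i := 1 to 16 do
    FKey := FKey + IntToHex(Random(256), 2);   // a new key on every connection
  Result := FKey;
end;

function TRemoteServer.LogIn(const UserName, Password: string): Boolean;
var
  i: Integer;
  u, p: string;
begin
  Result := False;
  if FKey = '' then
    Exit;   // LogIn without a preceding GetKey: nothing to decrypt with
  u := DeEncy(UserName, FKey);
  p := DeEncy(Password, FKey);
  for i := 0 to High(FTable) do
    if (FTable[i].Name = u) and (FTable[i].Password = p) then
      Result := True;
  FKey := '';   // single-use key: a replayed login packet fails on the next call
end;

var
  Server: TRemoteServer;
  strKey, UserName, Password: string;
begin
  Randomize;
  Server := TRemoteServer.Create;
  try
    // client side of the exchange, as in the article's snippet
    strKey := Server.GetKey;
    UserName := Ency('alice', strKey);
    Password := Ency('Secret#1', strKey);
    if Server.LogIn(UserName, Password) then
      WriteLn('login ok')
    else
      WriteLn('login rejected');
    // the same encrypted packet sent again: the key has already been discarded
    if not Server.LogIn(UserName, Password) then
      WriteLn('replayed login rejected');
  finally
    Server.Free;
  end;
end.
```

Compile with `fpc LoginKeyExchangeDemo.pas`. Two points worth keeping in mind when carrying this into a real MIDAS project: the key returned by GetKey travels over the same connection as the encrypted login, so the scheme defeats replay of a captured login packet (the key is discarded after one use) but not an observer who captures the whole session including the GetKey reply; and Random() after Randomize is a general-purpose generator whose output is predictable from its seed, so a production server should draw the key from an operating-system random source and use a real cipher in place of the XOR placeholder.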
To prevent the customer information table from being opened outside the program and thereby leaking passwords, the customer information itself can be protected. For example, a password can be set on the Paradox table, and the server program supplies that password before it accesses the customer information table.
3. Data transmission
In network applications, sensitive data must be encrypted when it is transmitted over the Internet. Delphi's MIDAS mechanism provides a way to do this: it can encrypt selected fields before the data is sent to the client, and after receiving the client's update request it can decrypt the corresponding fields before the update is written to the database. To achieve this, add a TProvider or TDataSetProvider object to the remote data module of the server program and set its DataSet property to the data set to be processed. Then add the following code to the OnGetData event of the provider:
with DataSet do
begin
  while not EOF do
  begin
    Edit;
    SensitiveData.AsString := Ency(SensitiveData.AsString, strKey);
    {Encrypt sensitive data}
    Post;
    Next;
  end;
end;
The code above encrypts the sensitive data before it is sent to the client program.
Similarly, adding the corresponding code to the OnUpdateData event of the provider decrypts the data sent back by the client.
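The OnGetData and OnUpdateData handlers as a matching pair, written here as an added example rather than the article's own code. It assumes a remote data module class named TRemoteDataModule1 with a TDataSetProvider named DataSetProvider1, a field in the provided data set called SensitiveData, and the article's Ency(), DeEncy() and global strKey declared in the same unit; all of those names are assumptions. The field is looked up by name on the DataSet parameter (the packet or delta being processed) rather than through a persistent field of the source table, and the decrypt pass covers every non-null value in the delta, including the old-value records, because the provider builds the UPDATE's WHERE clause from those old values.

```pascal
{ Assumed declarations: TRemoteDataModule1, DataSetProvider1, field
  'SensitiveData', and Ency/DeEncy/strKey from the article's snippets. }

procedure TRemoteDataModule1.DataSetProvider1GetData(Sender: TObject;
  DataSet: TCustomClientDataSet);
var
  F: TField;
begin
  // Outbound packet: encrypt the field in every record before it leaves the server.
  F := DataSet.FieldByName('SensitiveData');
  DataSet.First;
  while not DataSet.EOF do
  begin
    if not F.IsNull then
    begin
      DataSet.Edit;
      F.AsString := Ency(F.AsString, strKey);
      DataSet.Post;
    end;
    DataSet.Next;
  end;
end;

procedure TRemoteDataModule1.DataSetProvider1UpdateData(Sender: TObject;
  DataSet: TCustomClientDataSet);
var
  F: TField;
begin
  // Inbound delta: decrypt every value the client sent back. Old-value records
  // are decrypted too, since the provider uses them in the UPDATE's WHERE clause
  // (assumed behaviour of UpdateMode upWhereAll / upWhereChanged).
  F := DataSet.FieldByName('SensitiveData');
  DataSet.First;
  while not DataSet.EOF do
  begin
    if not F.IsNull then
    begin
      DataSet.Edit;
      F.AsString := DeEncy(F.AsString, strKey);
      DataSet.Post;
    end;
    DataSet.Next;
  end;
end;
```

Wire both handlers up in the Object Inspector of the provider (or assign OnGetData and OnUpdateData in the data module's OnCreate). If a field that the client never changed is null in the delta, it is skipped, which is why the IsNull check sits in front of each Edit.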
The above only introduces the general principles of implementing security measures for network programs. On this basis, other confidentiality measures can be added to achieve better results. For example, a client program can use dedicated auxiliary hardware to increase security. In a smart card application, the client program not only requires the user to enter a user name and password at login but also checks the type and specific contents of the IC card in the IC reader. In this way, even if the password is leaked, nobody can log in by impersonating the user. Of course, no security measure is absolutely safe. Security measures need a strict confidentiality system and a high degree of security awareness on the part of the users to truly keep data confidential.