Thread: Security in Network/Internet Data Interaction

  1. #1
    DracisLooby

    I'm having trouble finding a method for secure data to be transferred over a network, or the internet, such as user credentials, or "sensitive" data.

    Interaction with server-side coding like PHP/Python/MS.ASP is easy; making it secure is not. There is no reliable way to safely transfer ANY data over HTTP, because everything is sent in plaintext, and can easily be sniffed by something like Wireshark, no problem.

    The obvious solution would be HTTPS, but GET object does not support SSL, so you would have to rely on the Download object, but then you are limited to GET requests, instead of POST, which is essentially just as insecure.

    My second method would be to use Sockets, and use Hash Encryption of text data, but it can also be sniffed just as easily, and is not nearly as cross-platform.

    So, I've become stuck. I have no idea where to go from here, other than writing a new/modifying a current object for this specific task, which is, atm, beyond my skill set.

    Any help would be appreciated, as well as any possible ideas I could work off of.

  2. #2
    DracisLooby
    Bump?

  3. #3
    DracisLooby
    Last bump, taking it for no-one has any ideas/no interest.

  4. #4
    StingRay
    Which platform are you developing for?

  5. #5
    Hi DracisLooby,
    I haven't had to work with this kind of problem. The only thing I can say is that having only HTTP is annoying but not hopeless. Inside HTTP, you can just drop some cyphered data and define your own kind of protocol. If you search on the forum, there were some discussions on cyphered data exchange between MMF and PHP (especially using Blowfish at the time). It's not so easy but possible.
    ouly

  6. #6
    Konidias
    Have the client handshake with the server first?

    1. Client sends some numbers to server (plain text)
    2. Server receives numbers, generates its own random numbers, then sends the generated numbers back to client. (plain text)
    3. Now using the two sets of numbers you can create a hash that the client and server can both use.
    4. Send encrypted data back and forth, use the hash to decrypt.

    Of course, sure... someone could intercept the numbers between the client/server... but then they'd also need to be able to know what system you have set up to calculate the hash, and then what encryption is being used, etc...

    It really depends on how extremely secure this needs to be. Obviously nothing is ever 100% secure... so you only really need security to a level that you feel comfortable with.

  7. #7
    DracisLooby
    Hey, thanks all for the replies! Logic-based security is good for less sensitive data, but high-sensitivity data, like real-user information, should never be sent over HTTP, even when the content itself is encrypted.

    Even with a 'random' numbering system, you would have to determine the legitimacy of the numbers based on an existing chart, or predictable key, to prevent someone from just intercepting, and either changing the data, or even emulating the real server.

    The combination of creating a predictable, yet non-patterned salt, as well as a custom encryption setup, would take more time than just writing an extension that supports HTTPS/SSL/TLS.

    Speaking of which, I decided to finally go ahead and do just that, writing a cURL extension using libcurl with SSL support for Windows, but because cURL is cross-platform, writing plugins for iOS/Android would not be difficult (and Mac when that point is met).

    More updates on that as it progresses. Thanks for all the good ideas though!
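
Added example (not part of the thread, and not code from any poster): the nonce handshake from post #6 next to a keyed variant that addresses post #7's point about verifying legitimacy. The pre-shared secret `PSK`, the function names and the sample payload are assumptions made up for illustration. It covers message authentication only; the payload is not encrypted here.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed value: stands for a secret provisioned to client and server
# out of band (an assumption, nothing in the thread specifies one).
PSK = b"constructed-demo-pre-shared-secret"

def nonce_only_key(c_nonce: bytes, s_nonce: bytes) -> bytes:
    """Post #6 as written: the key depends only on values sent in plain text."""
    return hashlib.sha256(c_nonce + s_nonce).digest()

def session_key(psk: bytes, c_nonce: bytes, s_nonce: bytes) -> bytes:
    """Keyed variant: nonces add freshness, secrecy comes from psk."""
    return hmac.new(psk, b"session" + c_nonce + s_nonce, hashlib.sha256).digest()

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Prefix a sequence number and append an HMAC-SHA256 tag over both."""
    header = seq.to_bytes(8, "big")
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()

def open_sealed(key: bytes, expected_seq: int, message: bytes) -> Optional[bytes]:
    """Return the payload, or None if it was forged, altered or replayed."""
    if len(message) < 8 + 32:
        return None
    header, payload, tag = message[:8], message[8:-32], message[-32:]
    good = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    if int.from_bytes(header, "big") != expected_seq:
        return None
    return payload

def demo() -> dict:
    # Both nonces cross the wire in plain text, so an observer holds them too.
    c_nonce, s_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    client_weak = nonce_only_key(c_nonce, s_nonce)
    observer_weak = nonce_only_key(c_nonce, s_nonce)  # from captured traffic only
    key = session_key(PSK, c_nonce, s_nonce)
    msg = seal(key, 1, b"score=4200")                 # constructed sample payload
    tampered = msg[:8] + b"score=9999" + msg[18:]     # payload changed in transit
    return {
        "observer_recovers_nonce_only_key": observer_weak == client_weak,
        "valid": open_sealed(key, 1, msg),
        "tampered": open_sealed(key, 1, tampered),
        "replayed": open_sealed(key, 2, msg),
        "wrong_key": open_sealed(observer_weak, 1, msg),
    }
```

A secret compiled into a client application can be extracted from that application, so this does not replace server authentication through TLS certificates.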

  8. #8
    SirEatAlot
    I use AES encryption to submit and receive data over HTTP between MMF and a PHP server. It works great and should be very secure, even if the connection itself is not encrypted. AES is used by many governments to encrypt highly classified data. http://en.wikipedia.org/wiki/Advance...ption_Standard

    Should be enough for most game centric uses at least!
