How do I secure socket output?

  • How do I secure socket output?

    I have a program that uses socket APIs to send a file. I have been asked to make this transmission secure. How do I accomplish this? I have limited experience working with certificates.

    Thank you.

  • #2
    This is the HTTP forum, which makes me think you've written an HTTP client or server using the socket API. Is that correct? (You haven't provided very much information.)

    If so, the way that HTTP is usually secured is by using the TLS (more commonly known as "SSL") protocol. You mention certificates... x.509 certificates are used as part of TLS/SSL, which makes me think that might be what you're thinking about?

    What programming language are you working in?

    Is there a reason you want to write this yourself rather than using one of the zillion or so existing implementations of HTTP?


    • #3
      Thank you Scott for your response.

      I wrote the program following the examples in your RPG IV Socket Tutorial. It seemed like a good idea at the time.

      After posting my question I learned about the SSL_ APIs, and it looks like they will give me what I am looking for.

      If I were doing it today I would use your HTTPAPI, and I might end up re-doing it. But that will have an impact on the folks that retrieve the data and I am trying to consider all alternatives.

      I apologize if I posted this on the wrong forum. Please let me know the correct one.


      • #4
        Originally posted by LBurkett99:
        ...that will have an impact on the folks that retrieve the data and I am trying to consider all alternatives.
        Another forum might be better, but it's unlikely that you'll get better answers. Best answers are likely to come from the same members regardless. I'd think that the biggest impact might be on future members searching for related info.

        In any case, you might strongly consider an HTTP(S) solution. Unless "the folks that retrieve the data" are already fairly familiar with coding for secure sockets, it might actually be easier for them. You should ask them what they prefer before going too far either way.
        Tom

        There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors.

        Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?


        • #5
          Honestly, the problem I had with your original post was that there was so little information provided, I could not tell what you were asking. There are literally hundreds of thousands of network protocols that have been implemented using TCP/IP. And the Socket API is not limited to only TCP/IP, it can do other things as well... so with your original post, I was left guessing what you were asking from perhaps a million different possibilities. The forum you posted it in was really the only clue of what protocol you were referring to.

          If you want to write your own HTTP implementation with SSL/TLS, then I would strongly recommend using the Global Secure Toolkit (GSKit) APIs instead of the older SSL_ APIs. They are much easier to use, much more fool-proof, and they do exactly the same thing. There is no advantage to using the SSL_ APIs.

          There is extensive information on SSL/TLS (including both sets of APIs) in the Information Center:


          I've provided a copy book for the GSKIT APIs for RPG here:


          I've written articles on using SSL from RPG, but unfortunately they are on iProDeveloper.com which has screwed up some of their code figures and lost all of the code downloads. But, you can check them out if you like:

          Of course, you can also look at the code in HTTPAPI which already fully supports it.


          • #6
            I have decided to re-do this function using HTTP but I don't know how to wait for a request, invoke the program and return the response.

            I've worked a little with HTTPAPI and created a program which sends a request to a server and receives a reply. But now I need to be the server and what I see in HTTPAPI is how to be a client.

            The program today accepts a request for either customer or inventory information and writes back a lengthy xml string. I looked at Web Services Server. Would this be a reasonable approach, with an output parameter capable of holding the entire xml string? I feel like there is a better way and welcome any suggestions.


            • #7
              Correct, HTTPAPI is a client.

              For a server, I would either use the IBM HTTP Server (powered by Apache) or the Integrated Web Services server, depending on the scenario.

              If you want to do the XML work yourself, I would use Apache. I'd only use IWS if your situation is simple enough that its built-in XML/JSON processing can handle the job for you.

              I don't know what "Web Services Server" is referring to. If that's the name of the product, then it's something I'm not familiar with.


              • #8
                My bad. I dropped the word "Integrated".

                The XML should not be a problem. I'm just changing interfaces from sockets to web browser.

                I have re-done the program to provide an output parameter for the XML string, but I cannot find what URL is needed to invoke the service. Can someone point me in the right direction for this? Maybe it's just my ignorance of how HTTP works.


                • #9
                  It finally dawned on me what SOAPUI is all about. I installed it and tested the program. It looks pretty good, but I think I need to do some work to make the XML output more to standards.

                  Thanks for all your help.


                  • #10
                    Now I have another question.

                    The program has three parameters, one to identify which of two XML strings to return, and a user ID and password for authorization. Is there some best practice on how to send notification to the requester when any of these are invalid? And how about the case that some unexpected program error has occurred? I really don't like responses that say "an error occurred".


                    • #11
                      I am not familiar with your particular web service.

                      Typically, a web service sends back a document in a format like XML or JSON, and it's easy enough to put a message in that document. Some formats, such as SOAP, define exactly where/how that error is sent back. Others leave it to the web service provider to come up with their own way.

                      But, it's pretty straightforward, usually... send back a 500 code and put the message explaining the cause in the document that's returned.
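
Added example, not part of the thread and not code from IWS or the poster's program: a sketch of the "500 code plus message in the document" approach from post #11 for a SOAP 1.1 service, separating requester errors from unexpected server errors. The selector values `CUSTOMER`/`INVENTORY` and the callables `check_login`, `build_xml` and `log` are assumptions made for illustration.

```python
import uuid
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
ET.register_namespace("soap", SOAP_NS)

VALID_DOCS = {"CUSTOMER", "INVENTORY"}  # assumed values for the selector parameter


def soap_fault(side, message):
    """Build a SOAP 1.1 fault; side is "Client" (bad request) or "Server" (our failure).

    Returns (http_status, body). SOAP 1.1 over HTTP carries faults with status 500.
    """
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    fault = ET.SubElement(body, f"{{{SOAP_NS}}}Fault")
    ET.SubElement(fault, "faultcode").text = f"soap:{side}"
    # ElementTree escapes the text, so a message cannot break the XML.
    ET.SubElement(fault, "faultstring").text = message
    return 500, ET.tostring(env, encoding="unicode")


def handle_request(doc_type, user, password, check_login, build_xml, log):
    """check_login, build_xml and log are hypothetical callables supplied by the caller."""
    if doc_type not in VALID_DOCS:
        return soap_fault("Client", "Unknown document type; expected CUSTOMER or INVENTORY")
    if not check_login(user, password):
        # Same wording for a bad user ID and a bad password, so the reply
        # does not confirm which user IDs exist.
        return soap_fault("Client", "User ID or password is not valid")
    try:
        return 200, build_xml(doc_type)
    except Exception as exc:
        # Details go to the server log; the requester gets a reference to quote.
        ref = uuid.uuid4().hex[:8]
        log(f"ref={ref} doc={doc_type} user={user} error={exc!r}")
        return soap_fault("Server", f"Unexpected error, reference {ref}")
```

The requester sees a specific message for problems they can fix, while internal details such as object names stay in the server log under the reference ID.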


                      • #12
                        This is iSeries Integrated Web Services server and mine is a SOAP service.

                        Your reply to another post on this forum about sending a SOAP fault shows me I can get what I want by sending an *ESCAPE message to the caller.

                        In searching for this answer I came across a post on another site about including credentials in the SOAP header. Seems like a better way than including them in the body. Does anyone have any experience with this? Is this something IWS will recognize and process, or does the program handle it?
