Sign in to follow this  
Followers 0
longworthbob

Security with HTTPS in InetRead

4 posts in this topic

$url = "https://website.com/getdata.php?database=dbasename&user=username&password=password&rowid=number"

$data = InetRead($url,1)

The above works well with a PHP script on the server that GETs the parameters and does a mysql query and returns the appropriate data. I'm just not sure how secure it is. I've scanned the forum and documentation for another way to acheive this, but have missed it. If it does exist, and I'm sure it does, it's bound to be less than this straightforward.

I've used WireShark to snoop the packets and found them to be encrypted. I also used ProcessExplorer to try and find anything going over the command line to ie or any other program and did not find anything.

This is a pretty easy way to get some data out of a remote database if it can be done securely. It has the benefits of not requiring any special libraries or drivers. Any info anyone can provide regarding the pros and cons of this approach would be much appreciated.

Share this post


Link to post
Share on other sites



Hallo.

Just use encryption;)

See the help file for _StringEncrypt()

or you can use UDF (for example offenly i'm using it ( __STringencrypt() funcsion from SkinnyWhiteGuy (Advantage = You can crypt/decrypt unicode data)

Theris a lot of GREAT encryption UDFS.

Idea in this:

1)just encrypt on fly your data ( if *.ini file changes dynamically)

2)then write to your *.ini file.

3)Final stage:Decrypt it and do https request from your executable.

But keep in mind.At least you need protect your executable from reverse engineering.Use packer,protectors etc.Theris a lot of ways.

BTW client side execution can'not be secured 100%:graduated:

Cheers.


[size="5"] [/size]

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Yes, when using SSL, the whole HTTP-request is wrapped inside the SSL-connection. That means that everyxthing including the URL is encrpyted.

Edited by ProgAndy

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

Share this post


Link to post
Share on other sites

Thanks to you both, Fire and ProgAndy. I think I know how I will proceed now.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0