Search:

Type: Posts; User: Jeroen Steehouder

Search: Search took 0.00 seconds.

  1. Re: Hmac256 retrieve value using ClientAction

    The security library includes a number of methods to convert to and from hex, base32, and base64 encoding. These are available in the global security object.


    Get Bin2Hex of ghoSecurity ucaHMAC...
  2. Re: Hmac256 retrieve value using ClientAction

    Hi Mike,

    Your code sample uses dynamically created objects. This works fine, but if the key and algorithm are not flexible I would recommend the static object approach for clarity.




    I have...
  3. Re: Hmac256 retrieve value using ClientAction

    HMAC256 does not exist. I assume you mean HMAC-SHA256.

    As Harm mentioned, you should keep keys on the server unless you have no other choice. After all, if it is on the client this means everyone...
  4. Replies
    3
    Views
    1,726

    Sticky: Re: Welcome!

    No, it does not. 3DES is considered a weak cipher and should not be used anymore.

    On the other hand, CNG seems to support it. If you have specific requirements for 3DES, it may not be too hard to...
  5. Replies
    3
    Views
    1,726

    Sticky: Welcome!

    Data Access Worldwide is proud to present the first official beta release of the DataFlex Security Library, available for DataFlex 18.2 and up.

    With this library you can create and verify hashes,...
  6. Replies
    29
    Views
    1,455

    Re: Where to keep secret keys?

    It is being finalized - the first official release will be very soon.

    Jeroen
  7. Replies
    29
    Views
    1,455

    Re: Where to keep secret keys?

    Hi Mike,

    I think you should improve the secrecy of psVaultKey by using key derivation (https://en.wikipedia.org/wiki/Key_derivation_function). This means that the actual key is not available in...
  8. Replies
    29
    Views
    1,455

    Re: Where to keep secret keys?

    Mike,

    Let's start by looking at the LoginEncryptionKey.inc thing. This was a conscious choice we made. We believe that this method provides acceptable protection against normal end users of...
  9. Replies
    29
    Views
    1,455

    Re: Where to keep secret keys?

    Wil,

    It seems you have mixed up the keys. The public key is called public because it can be public - this is the key used for encryption. The idea is that everyone is allowed to encrypt data and...
  10. Replies
    3
    Views
    948

    Re: SQL Cleaner

    Thanks for that, Sean!

    Most of that SQL cleaner is more of a query builder though, and has nothing to do with escaping. I did forget to mention escaping the % and _ for LIKE filters. I will add...
  11. Replies
    9
    Views
    982

    Re: PayPal

    Hi Tom,

    We’re actually working on a Payment Module for the DF WebApp Framework. The module itself is a framework style library that allows you to attach multiple Payment Providers once they’re...
  12. Re: 2 Factor Authentication(Windows desktop application)

    Please note that 2FA using TOTP is not secure for desktop applications! The application needs your secret to verify the OTP, and if a desktop application has your key a determined power user or...
  13. Replies
    3
    Views
    551

    Re: OT: LibXl question

    We have some very good experiences with LibXL. We have (and sell) a library here at DAE that dataflexifies the API and handles most of the annoying stuff, such as OEM-ANSI-translations and errors.
    ...
  14. Replies
    1
    Views
    474

    Re: Page Layer

    Sub-reports do not know the concept of pages. They are embedded in another report and may not even have the same width as normally. If you have a report and create a new sub-report for it, you will...
  15. Re: Conditionally surpress Page Headers (RW 4.02)

    Well, it should work fine. You may want to submit your report and data to Data Access so it can be fixed in an upcoming release.

    Why don't you use report headers for this? Seems to me that that is...
Results 1 to 15 of 15