When We use Tms web core application, data of client and server communication is visible for everbody.How we can encryption or hide this data ?
Encryption/decryption functions are available, but indeed somewhat difficult to access. For some background, you may be interested in this post:
Based on the findings there, for my personal usage I have created these 2 functions:
Type EncDecThenProc = Reference to Procedure(Const Result : String; Failed : Boolean);
Procedure Decrypt(Const Key, Encrypted : String; AndThen : EncDecThenProc);
Procedure Encrypt(Const Key, Decrypted : String; AndThen : EncDecThenProc);
{ Async encrypt and decrypt. After enc/dec is completed, the function in AndThen
will be called with the Result and an error flag Failed. If Failed is True,
then Result holds the error message. A call to Decrypt/Encrypt always returns
immediately. }
Implementation
Procedure Decrypt(Const Key, Encrypted : String; AndThen : EncDecThenProc);
Begin
If (not assigned(Key)) or (not assigned(Encrypted)) or
(Key='') or (Encrypted='') then AndThen('Arg missing',True)
Else
Begin
{$IfDef USECRYPTO}
TAESFunc.Decrypt(Key, TBclUtils.DecodeBase64Url(Encrypted),
Procedure(const AEncrypted: string)
Begin
AndThen(AEncrypted,False);
End,
Procedure(AError: string)
Begin
AndThen(AError,True);
End);
{$Else}
AndThen(Encrypted,False);
{$EndIf}
End;
End;
{---------------------------------------}
Procedure Encrypt(Const Key, Decrypted : String; AndThen : EncDecThenProc);
Begin
If (not assigned(Key)) or (not assigned(Decrypted)) or
(Key='') or (Decrypted='') then AndThen('Arg missing',True)
Else
Begin
{$IfDef USECRYPTO}
TAESFunc.Encrypt(Key, Decrypted,
Procedure(const ABytes: TBytes)
Begin
AndThen(TBclUtils.EncodeBase64Url(ABytes),False);
End,
Procedure(AError: string)
Begin
AndThen(AError,True);
End);
{$Else}
AndThen(Decrypted,False);
{$EndIf}
End;
End;
The above makes use of a type "TAESFunc". This you will find in a pascal unit named "CP.Func.AES.pas" that comes with the "AESEncrypt" demo in "...\tmssoftware\TMS WEB Core Demos\Basics\AES".
Caution: The actual encryption/decryption subsystem is a feature of the browser, so the encryption/decryption API may or may not be aivailable in the browser you are using.
You talk about visibility of data, at what exact point in the communication you see this visibility?
For the HTTP communication, it is recommended to always use HTTPS