http request and response encryption

Mehmet_Durmaz · January 21, 2021, 6:26am

When We use Tms web core application, data of client and server communication is visible for everbody.How we can encryption or hide this data ?

Miesen_Mirko · January 21, 2021, 12:27pm

Encryption/decryption functions are available, but indeed somewhat difficult to access. For some background, you may be interested in this post:

Based on the findings there, for my personal usage I have created these 2 functions:

Type EncDecThenProc = Reference to Procedure(Const Result : String; Failed : Boolean);
Procedure Decrypt(Const Key, Encrypted : String; AndThen : EncDecThenProc);
Procedure Encrypt(Const Key, Decrypted : String; AndThen : EncDecThenProc);
{ Async encrypt and decrypt. After enc/dec is completed, the function in AndThen
  will be called with the Result and an error flag Failed. If Failed is True,
  then Result holds the error message. A call to Decrypt/Encrypt always returns
  immediately. }

Implementation

Procedure Decrypt(Const Key, Encrypted : String; AndThen : EncDecThenProc);
Begin
 If (not assigned(Key)) or (not assigned(Encrypted)) or
    (Key='') or (Encrypted='') then AndThen('Arg missing',True)
 Else
  Begin
   {$IfDef USECRYPTO}
   TAESFunc.Decrypt(Key, TBclUtils.DecodeBase64Url(Encrypted),
    Procedure(const AEncrypted: string)
     Begin
      AndThen(AEncrypted,False);
     End,
    Procedure(AError: string)
     Begin
      AndThen(AError,True);
     End);
   {$Else}
    AndThen(Encrypted,False);
   {$EndIf}
  End;
End;

{---------------------------------------}

Procedure Encrypt(Const Key, Decrypted : String; AndThen : EncDecThenProc);
Begin
 If (not assigned(Key)) or (not assigned(Decrypted)) or
    (Key='') or (Decrypted='') then AndThen('Arg missing',True)
 Else
  Begin
   {$IfDef USECRYPTO}
    TAESFunc.Encrypt(Key, Decrypted,
     Procedure(const ABytes: TBytes)
      Begin
       AndThen(TBclUtils.EncodeBase64Url(ABytes),False);
      End,
     Procedure(AError: string)
      Begin
       AndThen(AError,True);
      End);
   {$Else}
    AndThen(Decrypted,False);
   {$EndIf}
  End;
 End;

The above makes use of a type "TAESFunc". This you will find in a pascal unit named "CP.Func.AES.pas" that comes with the "AESEncrypt" demo in "...\tmssoftware\TMS WEB Core Demos\Basics\AES".

Caution: The actual encryption/decryption subsystem is a feature of the browser, so the encryption/decryption API may or may not be aivailable in the browser you are using.

brunofierens · January 22, 2021, 2:35pm

You talk about visibility of data, at what exact point in the communication you see this visibility?
For the HTTP communication, it is recommended to always use HTTPS