We are currently evaluating TMS Biz specifically RemoteDB and also Sparkle.
Apologies if this enquiry is posted in the wrong place, however I do not seem to be able to post it directly in the Biz or RemoteDB/Sparkle forums. Presumably this is because we have not yet purchased the components (unless there is another reason?)
Specifically we are trying to Encrypt the Message between Client and Server i.e. Encrypt the Request and Response objects, so that the RemoteDB requests are not passing SQL commands in cleartext to the server.
I have attempted this in 2 different ways, but cannot get either to work completely.
Firstly using the Encryption middleware as shown in the Sparkle demo project 'EncryptionMiddleware'.
The problem here is that when I Decrypt the Request object it appears to have some extraneous 'Bel' characters at the end. If I debug into the Aurelius.Drivers.dbGo.SetSQLCommand() method however I can see that the SQLCommand appears to be correct. However, after completing this method an error is thrown by RemoteDB - "EDatabaseError with message Field '***.
The weird thing is that even if I hardcode the SQLCommand text at this point to a different command than the one that was passed, the same error still occurs.
However, if we do not Encrypt/Decrypt then the hardcoded SQLCommand is executed correctly.
This implies to me that some other property or method that I cannot obviously see is also being set in the case where we are Encrypting.
Note that the actual Encryption is being done with AES encryption as per the demo (using TMS Encryption pack which we are also evaluating).
Alternatively we have tried using Custom Middleware instead of the Encryption middleware.
The events fire when expected and the we are able to Decrypt the request content in the Service project, but cannot see a way to assign it back to the Request object before it hits RemoteDB/Aurelius.
Context.Request.Content is a read-only property. Context.Request.ContentStream is writeable but does not actually write anything. i.e. it appears to let me assign a stream back to it, but still contains the original (encrypted) value afterward. I cannot see any examples either in your documentation or in your demos where you do this.
The standard, well-accepted and secure way of avoid "passing in cleartext to the server" is using a certificate. That's what you should do unless you have a really specific and strong reason for not doing so. One argument is exactly what you are struggling with. Reinventing the wheel and spending time dealing with something that is already solved by someone else in a standard way.
The encryption middleware is something that I personally struggle to include it in the main package, exactly because of that. Users shouldn't be using it for such purpose, but just use certificates instead. It was a very, very specific use case of a customer that we end up making available for other users.
Hi Wagner, i take advantage of this post to expose my concern.
Simplifying a little, we have a Sparkle server (with a TRemoteDbModule, middleware JWT Authentication, ecc..) using an HTTPS certificate (via Let's Encrypt). We have many clients pc running applications with TRemoteDb. All is fine, everything works like a charm.
Now, my struggle is to hide request / response content from the client pc, before SSL encryption is applied to send / receive to / from the network. We have to protect the content for some sort of penetrations tests executed directly from the client pc, by someone who also know the account of a legit user, and can use our software to generate network traffic with the Sparkle server. Using Fiddler or similar it's easy to inspect the request / response headers and content, and (teoretically) make some sort of modification of it. Final result... test failed, software "not secure".
That's why i think that i could use TEncryptMiddleware + Https to hide the content before it's sent to Https.
But , in your reply to the original post, you wrote "...The encryption middleware is something that I personally struggle to include it in the main package, exactly because of that. Users shouldn't be using it for such purpose, but just use certificates instead. ..."
So, my question is: there is some hidden problem in using HTTPS + TEncryptMiddleware, that makes my solution not applicable ?
No, there isn't a "hidden" problem. Just the regular issue that you are leveraging your own encryption solution which is usually a not good idea.
You can use encryption middleware for that, it fits well.
But my point is exactly that: you are trying a kind of "kludge" to minimize something that is not inherently secure. Users can still inspect your executable and find the information the same way, by checking the in-memory data before it's encrypted.
Granted, it's more complicated than inspecting the network, though.
Thank you Wagner, so i will use encryption middleware.
We have to pass tests where the testers are not simply "on the web", trying to ask things to the Sparkle Server or to intercept the https packets. These humans make tests from the client pc and from the server. They monitor some legit traffic "from the inside" to obtain tokens, and try to use those info to find some breach.
In this perspective, obviously some skilled person working from the client pc could inspect the in-memory data and breach virtually everything, but at the moment this penetration test is not scheduled !