Overview
This document contains information about client-server data security.
The contents of this section explain the internal cryptography and security measures that protect the data exchanged among the various processes. Reading it is NOT necessary for any project configuration; it is intended to provide detailed implementation information for IT and network security professionals.
Data Encryption
All communication between clients and the server is encrypted by default. Clients are external modules that execute outside the server process (TServer). Examples of clients: Script Task Server, DataAccess, Devices, TRichClient, TSmartClient, WebClient [legacy], HTML5Client, Module Information, TraceWindow, PropertyWatch, TReportServer, OPC Server.
Communication can use either .NET/WCF or TCP binary, and both are encrypted. TCP binary is used mainly when the runtime runs on Mono/Linux and when exchanging data between Mono/Linux and Windows Desktop; it is explained in the last section of this document.
The cryptography is built on two classes of the .NET Framework:
- System.Security.Cryptography.RSACryptoServiceProvider (asymmetric, KeySize: 1024): performs asymmetric encryption and decryption using the implementation of the RSA algorithm provided by the cryptographic service provider (CSP). It is used to generate the "private/public keys" during the initial connection.
- System.Security.Cryptography.Rijndael (KeySize: 256): used to encrypt and decrypt the data, using the "private/public keys" generated during the initial connection.
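Added example (not code from this page or from the FactoryStudio product) showing how the two classes above fit together in the initial connection. It assumes details the page does not state: the client generates the RSA-1024 pair and sends its public key, the server answers with a freshly generated Rijndael-256 key and IV wrapped under that public key with PKCS#1 v1.5 padding, and both sides then protect the data traffic with Rijndael in CBC mode.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Assumed handshake flow (direction and padding are not stated on the page).
static class HandshakeDemo
{
    public static void Main()
    {
        // --- Client: a new RSA-1024 key pair, valid for this connection only ---
        using var clientRsa = new RSACryptoServiceProvider(1024);
        string publicKeyXml = clientRsa.ToXmlString(false);   // public part goes to the server

        // --- Server: create the Rijndael-256 session key and wrap it for the client ---
        using var serverRsa = new RSACryptoServiceProvider();
        serverRsa.FromXmlString(publicKeyXml);
        using var serverAes = Rijndael.Create();             // CBC / PKCS7 by default
        serverAes.KeySize = 256;
        serverAes.GenerateKey();
        serverAes.GenerateIV();
        byte[] wrappedKey = serverRsa.Encrypt(serverAes.Key, false); // PKCS#1 v1.5 (assumed)
        byte[] wrappedIV = serverRsa.Encrypt(serverAes.IV, false);   // both sent to the client

        // --- Client: unwrap with the private key, which never left the client ---
        using var clientAes = Rijndael.Create();
        clientAes.KeySize = 256;
        clientAes.Key = clientRsa.Decrypt(wrappedKey, false);
        clientAes.IV = clientRsa.Decrypt(wrappedIV, false);

        // --- Both sides now share the symmetric key for the data traffic ---
        byte[] cipher = Transform(serverAes.CreateEncryptor(), Encoding.UTF8.GetBytes("Tag1=42"));
        string plain = Encoding.UTF8.GetString(Transform(clientAes.CreateDecryptor(), cipher));
        Console.WriteLine(plain == "Tag1=42" ? "round trip OK" : "round trip FAILED");
    }

    // Runs one full block transform (encrypt or decrypt) over the input.
    static byte[] Transform(ICryptoTransform t, byte[] input)
    {
        using var ms = new MemoryStream();
        using (var cs = new CryptoStream(ms, t, CryptoStreamMode.Write))
            cs.Write(input, 0, input.Length);
        return ms.ToArray();
    }
}
```

The 1024-bit size mirrors the page; NIST has disallowed RSA-1024 for new use since 2013, so check it against your organisation's key-length policy when assessing this channel.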
Windows Process Data Connections
The server hosts the following bindings:
- WCF/NetNamedPipeBinding/NetNamedPipeSecurityMode.None. Used only for local connections between clients and server (clients and server running on the same computer).
- WCF/NetTcpBinding:
  - SecurityMode.None: Default port is 3101.
  - SecurityMode.Transport (SSL): Default port is 3101, available from "FactoryStudio fs-8.1.15". See the "Note" below.
  - SecurityMode.Message: Default port is 3102. This binding is used with "Windows Authentication".
- WCF/WebHttpBinding: HTML5, http/https: Default port is 80 (http) or 443 (https).
  - It is necessary to reserve the following URLs from a "command prompt" (Run as Administrator):
    - netsh http add urlacl url=[http/https]://+:<port number>/thtml5/service.svc sddl=D:(A;;GX;;;IU)
    - netsh http add urlacl url=[http/https]://+:<port number>/thtml5/ws/service.svc sddl=D:(A;;GX;;;IU)
- .NET/HttpListener: HTML5/WebSocket, http: Default port is 80
- .NET/TcpListener: Basic WebServer, Host Mono connections: Default port is 3103.
Note: From "FactoryStudio fs-8.1.15", SSL can be enabled by changing the EnableSSL setting in the TWebServer.exe.config file. In this case:
- TSmartClient: you need to add the argument "enableSSL=true".
- DataAccess: set the EnableSSL property to true.
Mono/Linux Data Connections
The server hosts the following binding:
- .NET/TcpListener: Basic WebServer, HTML5/WebSocket
Exchanging data between Mono/Linux and Windows
- TCP binary (.NET/TcpListener) is used.
- The server can execute on Windows Desktop and Mono/Linux.
- TRemoteClient can connect to both platforms.
- The debugging tools (PropertyWatch, TraceWindow and ModuleInformation) can also connect to a server running on Mono/Linux. For this it is necessary to add the argument "/iot" when running these tools.
- TRichClient (fs-8.1/IoT/Runtime/TRichClient.exe) can connect to a server running on Mono/Linux. The opposite is not possible.
- HTML5 clients in any platform can connect to server on Windows Desktop and Mono/Linux.