How to Implement security driver in client server architetcure application.

Author: lalitpct@gmail.com (lalitpct)

In security testing we found that uniface client server application uses only base64 for encoding in network path. I was trying to implement some other form of encoding like DES etc , but could not do it there is no clear documentation on it. As shown below client.asn has usecappl as entry point in c program zsecdrv , which only does base64 encoding. client.asn ------------- .......... [USER_3GL] zsecdrv(usecappl) I read in the documention that "uenc" can be used to implement other encoding for the network path , does any one have idea how it can be done?

2 Comments

  1. Hi lalit, if you have access to a uniface installation with a samples directory, the following may give you a hint: C:\Programme\Compuware\Uniface 9.6.04\uniface\samples\3GL\security\zsecdrv.c plus the other files Greetings from Frankfurt/Germany, Uli

    Author: ulrich-merkel (ulrichmerkel@web.de)
  2. Hi Uli, Thanks for the quick response , actually I had gone through the zsecdrv.c but still could not figure out how uenc.c can be used for other encryption. My understanding is  1)In current eg. zsecdrv(usecappl) from uniface application we call function usecappl from c progarm zsecdrv , this usecappl is the starting point for client server architecture and which eventually does base64 encoding for database connection details or all data which goes to network. 2)I tried using below things which looks incorrect. -------------client.asn----------- [USER_3GL] zsecdrv(usecappl) unenc(DES)            ;----- added for encryption [XLOGIN] PATHS = LOG/NET, SUP/NET  ;--- this are the network paths we are using to connect to urouter. ----------------------------------------------- Logs : it looks same as what it was earlier , I am not sure how we can check in logs which algorithm has been used. SECDRV INIT: Security Driver will be used for :- Encoding of connect messages Encoding of data in message headers Server: Non-DBMS file open: /opt/udesc.urr Server: Non-DBMS file close:


    Author: lalitpct (lalitpct@gmail.com)