Security measures for network programs written in Delphi

Source: Internet
Author: User

First, the principle

Many data encryption methods are available today, and they go some way toward protecting data. However, if a fixed key is used, or the key is sent along with the data, the confidentiality achieved is unsatisfactory. In practice, I have developed a random-key method based on a "request-reply" pattern, and its effect on password and data confidentiality is very satisfactory.

When the client program starts and attempts to establish a connection with the server program, the client obtains from the server a random string generated by the server program, and the system uses this string as the key for transmitting the user's login password and data. Because the key is randomly generated by the server program, the client gets a different key each time it logs on, which greatly reduces the likelihood that an intercepted password leads to data theft.

The server can expose a custom interface method on the remote data module that returns a random string. The remote data module records this string as the key for subsequent processing. The random string can be produced in many ways; the simplest is to generate a random number with the Random() function and convert it to a string with Format() or IntToStr().

Second, user login measures

To prevent the password from being disclosed when the program is illegally debugged, the client's login information must be processed on the server side; alternatively, a dedicated security layer can be added to handle client logins. The customer's login information is stored in the Customer table and includes the user name, password, permissions, and so on.

When the client logs in, it calls the server program's interface to obtain the key string, encrypts the user name and password with that key, and sends the login information to the server. The encryption algorithm can be DES or another effective algorithm. After the server receives the login information, it decrypts it with the random key it previously generated and recorded, then compares the decrypted information with the information stored in the Customer table to determine whether the customer's credentials are valid and to obtain the customer's data permissions.

The client code for this procedure is as follows:

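   strKey := myRemoteServer.GetKey();
   {Call the server's interface to obtain the random key}
   UserName := Ency(strUserName, strKey);
   {Encrypt the user name; Ency() is the encryption routine}
   Password := Ency(strPassword, strKey);
   {Encrypt the login password}
   if myRemoteServer.LogIn(UserName, Password) then {log in}
   begin
     {process the successful login}
   end;

The server-side login procedure LogIn() is as follows:

   strUserName := DeEncy(UserName, strKey);
   {Decrypt the user name; DeEncy() is the decryption routine}
   strPassword := DeEncy(Password, strKey);
   {Decrypt the login password}
   {Query the database and set Pass according to the result}
   if (Pass) then
     Result := true
   else
     Result := false;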

Note that in both the server program and the client program, strKey should be defined as a global variable.
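
An added example (not code from the original article) of the server side of the request-reply key described in the first section and used by LogIn() above: it draws the key from the Windows CryptoAPI generator instead of Random(), which is a linear congruential generator and unsuitable for keys, and holds it in an object that hands it out exactly once. The unit name LoginKey, the class TLoginKey and the import names AcquireCtx, GenRandom and ReleaseCtx are hypothetical; a Win32 target is assumed, with one TLoginKey created per client session on the server.

```pascal
unit LoginKey; // added example; unit, class and import names are hypothetical
interface
uses Windows, SysUtils;
type
  // One instance per client session, so concurrent logins never share a key.
  TLoginKey = class
  private
    FKey: string;
  public
    function Issue: string;    // call from GetKey()
    function Consume: string;  // call once from LogIn()
  end;

implementation
function AcquireCtx(out Prov: THandle; Container, Provider: PAnsiChar;
  ProvType, Flags: DWORD): BOOL; stdcall;
  external 'advapi32.dll' name 'CryptAcquireContextA';  // Windows CryptoAPI
function GenRandom(Prov: THandle; Len: DWORD; Buf: Pointer): BOOL; stdcall;
  external 'advapi32.dll' name 'CryptGenRandom';
function ReleaseCtx(Prov: THandle; Flags: DWORD): BOOL; stdcall;
  external 'advapi32.dll' name 'CryptReleaseContext';

function TLoginKey.Issue: string;
var
  Prov: THandle;
  Buf: array[0..15] of Byte;
  I: Integer;
begin
  // 1 = PROV_RSA_FULL, $F0000000 = CRYPT_VERIFYCONTEXT (no key container)
  if not AcquireCtx(Prov, nil, nil, 1, $F0000000) then
    raise Exception.Create('CryptAcquireContext failed');
  try
    if not GenRandom(Prov, SizeOf(Buf), @Buf) then
      raise Exception.Create('CryptGenRandom failed');
  finally
    ReleaseCtx(Prov, 0);
  end;
  FKey := '';
  for I := Low(Buf) to High(Buf) do
    FKey := FKey + IntToHex(Buf[I], 2);  // 16 random bytes as 32 hex chars
  Result := FKey;
end;

function TLoginKey.Consume: string;
begin
  if FKey = '' then raise Exception.Create('No login key issued');
  Result := FKey;
  FKey := '';  // single use: a replayed LogIn() finds no key
end;
end.
```

GetKey() would return the result of Issue and LogIn() would decrypt with the result of Consume. The key still crosses the network in the GetKey() reply, so the connection itself needs transport encryption for the scheme to resist an eavesdropper who records that reply.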

To prevent passwords from being disclosed when the Customer table is opened outside the program, the customer data can itself be protected. For example, a password can be set on a Paradox table, so that the server program must first supply that password before it can access the Customer table.

Third, data transmission

In a network program, some sensitive data must be encrypted when it is transmitted over the network. Delphi's MIDAS mechanism provides a place to do this: it can encrypt selected fields before the data is sent to the client, and, after receiving an update request from the client, it can decrypt the corresponding fields of the client's data before they are written to the database. To do this, add a TProvider or TDataSetProvider object to the remote data module of the server program and set its DataSet property to the dataset to be processed. Add the following code to the TProvider OnGetData event:

   with DataSet do
   begin
     while not EOF do
     begin
       Edit;
       SensitiveData.AsString :=
         Ency(SensitiveData.AsString, strKey);
       {Encrypt the sensitive data}
       Post;
       Next;
     end;
   end;

The above code encrypts the sensitive data before it is sent to the client program.

Similarly, the data sent back by the client can be decrypted by adding processing code to the TProvider OnUpdateData event.

The above only introduces the general principle of implementing security measures in a network program. Other confidentiality measures can be added on this basis to achieve a better result. For example, a client program can use dedicated auxiliary hardware to increase security. In a smart card application, the client not only requires the user to enter a user name and password when logging in, but also checks the type of IC card in the IC reader and its specific content, so that the password cannot be leaked. Of course, no security measure is absolutely safe; security measures must be backed by a strict confidentiality policy and by personnel with a strong sense of confidentiality in order to be truly effective.
