In a similar vein, is there any way to make "open socket" only accept
secure connections? My workaround is to have the client send a message
to
authenticate, and the server on connection uses "send in" to kill the
socket if this hasn't happened within a timeout period.
Using 'open socket' just creates a basic TCP/IP socket stream which is
unencrypted. When you use 'open secure socket' it creates both the basic
stream and then wraps it in the SSL/TLS protocol which is encrypted.
As the 'secure' layer is a protocol layered on top of the basic byte
stream, it requires both sides to be talking the 'secure' protocol - in
particular, there is a handshake at the start that must happen to
establish the initial (symmetric) encryption keys, then these are
refreshed periodically throughout the transaction period. In short, if
you attempt to open a non-secure connection to a secured socket the
connection will not occur and you will get an error. i.e. 'secure
sockets' will only talk to other other 'secure sockets'.
I think this is the behavior you are looking for, so you shouldn't need
to do anything to manage secure / insecure mixes - if someone attempts
to connect to your server socket in a non-secure fashion, then the
server won't understand what the client is trying to do and the
connection will error.
Mark.
--
Mark Waddingham ~ m...@livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
