PC SOFT

ONLINE HELP
FOR WINDEV, WEBDEV AND WINDEV MOBILE

Home | Sign in | English US
  • Overview
  • How to implement secure transactions via the SSL protocol
  • Inserting secure transactions (SSL) in a WEBDEV site
  • Principle
  • Implementation
  • Going back to standard mode (non-secure transaction) in the current browser
  • Special case: Opening a page in secure mode with BrowserOpen
WINDEV
WindowsLinuxUniversal Windows 10 AppJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadApple WatchUniversal Windows 10 AppWindows Mobile
Others
Stored procedures
SSL: Secure transactions with WEBDEV
Overview
When using an Internet application, the data circulating between the computer of the Web user and the Web server is not protected: the data can be accessed by any Web user. The confidentiality of data is not guaranteed.
Several systems can be used to guarantee the confidentiality of data. The most common one is the SSL protocol (Secure Socket Layer).
SSL is a communication protocol used to ensure the authentication, the confidentiality and the integrity of data. This protocol uses a recognized encryption mode: the RSA public key cypher. A RSA key is the result of operations between prime numbers.
Practically: What changes when a transaction is secured?
  • a secure transaction is using a specific address (https instead of http)
  • a padlock is automatically displayed in the status bar of the browser, indicating that a secure transaction is in progress.
How to implement secure transactions via the SSL protocol
To implement secure transactions (SSL protocol):
  1. On the Web server, create a key, with the IIS key manager for example if your Web server is IIS.
  2. Send the certificate request to a company providing key certificates (for example: www.verisign.com)
  3. The company returns a key certificate (for a fee). This certificate must be installed on the server by the key manager.
  4. You now have the ability to use secure transactions between the server and the client (see the next paragraph).
Note: "Verisign" delivers test certificates valid for 14 days, allowing you check whether the HTTPS connection is correct. These test keys allow you to check the operating mode of secure transactions.
The entire procedure to follow in order to get an SSL certificate is presented in Obtaining an SSL certificate for IIS (version 2 or later).
Inserting secure transactions (SSL) in a WEBDEV site
In an Internet/Intranet site, all the transactions do not necessarily contain confidential data: only the transactions that transfer confidential data can be secured (transaction used to transfer a bank card number for example).
Caution: before implementing a secure transaction in a WEBDEV site, all the requirements linked to the SSL protocol must be complied with.

Principle

The secure mode is implemented when opening a new page via a button or a link, with SSLActive. Once the secure page is opened, all the actions originating from this page will be performed in secure mode, independently of the objects used (link, table, click area).
The secured mode ends when SSLActive is called in the code of a button or link used to open a new page.

Implementation

To open a page in secure mode:
  1. Create a button (or a link) used to open a page. This page can be opened either by an action defined in the button description, or by programming in server code. The characteristics of this button are:
    • Type: "Send the value to the server" or "None"
    • Action: Display the XXX page (or none if the page is opened by programming)
    • Destination:
      • "Current browser" to open the page in the current browser
      • "New browser" to open the page in a new browser
  2. Enter the following code line in the browser click code of the button (or link):
SSLActive(True)
3. If necessary (action not defined in the description of button or link), use PageDisplay in the server click code to display the requested page in secure mode.
4. The page opened by the button (or link) will be opened in secure mode. This secure mode will be used until the non-secure mode is explicitly requested.

Going back to standard mode (non-secure transaction) in the current browser

To go back to the normal mode (non-secure transaction) in the current browser:
  1. Create a button or link used to open a page. This page can be opened either by an action defined in the button description, or by programming in server code. The characteristics of this button are:
    • Type: "Send the value to the server" or "None"
    • Action: Display the XXX page (or none if the page is opened by programming)
    • Destination:
      • "Current browser" to open the page in the current browser
      • "New browser" to open the page in a new browser
  2. Enter the following code line in the browser click code of the button or link:
SSLActive(False)
3. If necessary (action not defined in the description of button or link), use PageDisplay in the server click code to display the requested page in non-secure mode.
4. The page opened by this button will be opened in non-secure mode. This non-secure mode will be used until the mode is explicitly requested.

Special case: Opening a page in secure mode with BrowserOpen

To open a page in secure mode with BrowserOpen:
  1. Create a global variable (addrPage) for example in the home page (not secured).
  2. Initialize this variable with the secured address of the page:
addrPage = PageAddress(<Page Name>, paSecure)
3. In the code, use the following function:
BrowserOpen(addrPage)
Minimum required version
  • Version 9
Comments
Click [Add] to post a comment