SecureBlackbox 16: SSL Transports for NexusDB
NexusDB is a database management system that makes use of a number of transports, including Winsock, COM, and named-pipe transports. You can also create your own custom transports. One powerful feature of NexusDB is chained transports. You can create a transport to perform transformations and use another transport to deliver the actual data. This feature is used to provide Blowfish encryption for data. You can also use SSL proxy transports to provide a higher level of security and certificate-based authentication of clients and servers.
Configuring SecureBlackbox on the Client Side
Follow the steps below to add the SecureBlackbox client component to your project and configure the certificates:
- Install the necessary packages as described in SecureBlackbox ReadMe file.
- Add a TElClientSSLTransport component to the form (the "ClientSSLTransport" component in this example).
- Set the ClientSSLTransport.Transport property to the transport that will do the actual data transfer.
- If you do not have an instance of the TnxRemoteServerEngine component on the form, add one (the "ClientRemoteServerEngine" component in this example).
- Set the ClientRemoteServerEngine.Transport property to ClientSSLTransport.
- Optionally, adjust the Versions property of the ClientSSLTransport component if needed.
- Optionally, add a certificate storage to the form and set the ClientSSLTransport.CertStorage property to that certificate storage.
Configure SecureBlackbox on the Server Side
Follow the steps below to add the SecureBlackbox server component to your component and configure the certificates:
- Install the necessary packages as described in the SecureBlackbox ReadMe file.
- Add a TElServerSSLTransport component to the form (the "ServerSSLTransport" component in this example).
- If you do not have an instance of TnxServerCommandHandler on the form, add one (the "ServerCommandHandler" component in this example).
- Set the ServerSSLTransport.CommandHandler property to ServerCommandHandler.
- Add an instance of TnxSecuredCommandHandler to the form (the "ServerSecuredCommandHandler" component in this example).
- Set the ServerSecuredCommandHandler.SecuredTransport property to ServerSSLTransport.
- Optionally, adjust the Versions property of the ServerSSLTransport if needed.
- Optionally, add a certificate storage to the form and set the ServerSSLTransport.CertStorage property to that certificate storage. This storage contains the server certificates.
- Optionally, add a certificate storage to the form and set the ServerSSLTransport.ClientCertStorage property to that certificate storage. This storage contains the certificates of the clients if they are requested from clients when connecting.
You will find a sample project of using SecureBlackbox with NexusDB in the <SecureBlackbox>\Samples\NexusDB folder.
Towards Maximum Security
After the above steps your connection is encrypted; however, it is technically possible for some third party to access the data. A third-party can establish itself as the remote side of the communication and receive the information instead of the legitimate server.
To prevent this, use X.509 certificates to properly authenticate the server and client as authorized to access the data. An X.509 certificate can also contain supplementary information that, for example, contains a description of the scope of actions the client is allowed to take.
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.