SecureBlackbox 16: Securing RemObjects

Note: This article applies only to SecureBlackbox Legacy. For future development please consider using the latest version.

RemObjects uses several different transports from different vendors, including WinInet (Windows transport), Indy, and DXSock. SecureBlackbox currently supports the Indy transport. DXSock support is planned to be included later. WinInet is a client-side transport that has built-in SSL support for the HTTP protocol.

There are 4 components in RemObjects that we can link SecureBlackbox to. They are TROIndyHTTPServer/TROIndyHTTPClient and TROIndyTCPServer/TROIndyTCPClient.

TROIndyHTTPServer and TROIndyHTTPClient are a server and client of the HTTP transport, based on the HTTP protocol. TROIndyTCPServer and TROIndyTCPClient are a server and client of the plain TCP transport.

The components mentioned can be bound to Indy 8 or Indy 9. The evaluation version of RemObjects supports Indy 8 in the Delphi 6 evaluation version and Indy 9 in the Delphi 7 evaluation version. In the registered version of RemObjects, you can use whatever version you want.

Instructions for using SecureBlackbox with different Indy bindings are listed below. Before using SecureBlackbox with RemObjects, be sure to install the Indy support package (sbIndy*.dpk), which is located in the (SecureBlackbox)\Classes\Indy folder.


Indy 9

The TROIndyHTTPServer and TROIndyTCPServer components partially expose Indy HTTP and TCP servers through the IndyServer property. To add SecureBlackbox to your project using TROIndy*Server, you need to put an instance of TElIndySSLServerIOHandler onto the form, then set the IOHandler property to the name of the TElIndySSLServerIOHandler component.

The TROIndyHTTPClient and TROIndyTCPClient components partially expose Indy HTTP and TCP clients through the IndyClient property. To add SecureBlackbox to your project using TROIndy*Client, you need to put an instance of TElIndySSLIOHandlerSocket onto the form, then set the IOHandler property to the name of the TElIndySSLIOHandlerSocket component.

You will find a sample project using SecureBlackbox with RemObjects in the (SecureBlackbox)\Samples\RemObjects\Indy9 folder.


Indy 8

The TROIndyHTTPServer and TROIndyTCPServer components partially expose Indy HTTP and TCP servers through the IndyServer property. To add SecureBlackbox to your project using TROIndy*Server, you need to put an instance of TElIndyServerSSLIntercept onto the form, then set the IOHandler property to the name of the TElIndyServerSSLIntercept component.

The TROIndyHTTPClient and TROIndyTCPClient components partially expose Indy HTTP and TCP clients through the IndyClient property. To add SecureBlackbox to your project using TROIndy*Client, you need to put an instance of TElIndyConnectionSSLIntercept onto the form, then set the IOHandler property to the name of the TElIndyConnectionSSLIntercept component.

You will find a sample project using SecureBlackbox with RemObjects in the (SecureBlackbox)\Samples\RemObjects\Indy8 folder.


Towards Maximum Security

After executing the above steps, your connection is encrypted. However, the task is not complete. It is technically possible for some third party to access the data. How? The third-party establishes itself as the remote side of the communication and intercepts the information.

To prevent this, proper authentication steps must be taken. Both server and client must be properly identified as authorized to access the data. This is done using X.509 certificates. X.509 certificates can identify the parties (server or client) in communications and they can also contain supplementary information — for example, a description of the scope of the client's allowed actions.

We appreciate your feedback.  If you have any questions, comments, or suggestions about this article please contact our support team at kb@nsoftware.com.