Announcement

Collapse
No announcement yet.

Socket Tools other uses ?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Socket Tools other uses ?

    Hi All

    I w'd like to justify the purchasing of Socket Tools library. And I need some feedback from fellow members on
    what other uses of Socket Tools ? In particular :

    1. My company needs Socket Tools for SFTP and that this is our only usage for internet

    2. My company needs some encryption \ decryption routines to encrypt files, does Socket Tools provide for these functions ?
    Its multi programming language capabilities is an advantage here.

    3. We don't use client server programs as our programs are all standalone.

    4. What other uses of Socket ?

    Thank you and appreciate all comments/ advice on this product



  • #2
    I've used it for FTPS (FTP over SSL), communicating with a web service (HTTPS post/receive), doing DNS lookups, and sending email. Great package, I highly recommend.

    Comment


    • #3
      - SFTP file transfer
      - Sending emails
      - DNS lookup

      Why not educate yourself, Tim and have a look at https://doc.sockettools.com/v9/library/. That's SocketTool's help file right there, proving an in-depth look at what you can do with it?

      As for encryption/decryption, I'd recommend to use the Windows' CryptoApi. I'm pretty sure the forum search will provide examples, when searched for "CryptoApi" and/or CAPICOM.

      As for "justifying the purchase" ... you most likely already spend more time (=money) looking into the whole issue (SFTP) than the ~ $400 that it costs.

      [Added]
      If I seem to sound like a SocketTools sales person, it's because a) the library itself, b) the documentation and examples that come with it and last but not least c) the support from Catalyst are all one of the better experiences I had in my IT/programming career.

      Comment


      • #4
        Thanks Raymond and Knuth for your advice.

        As you see, SFTP is the only usage by my company that can be derived from Socket Tools as it relates to the internet.
        I'm looking at other ways to utilize some of the other functions that Socket tools may provide :

        1. Encryption and decryption of data files
        2. Secure means of getting actual time from the internet ( in order to check whether the trial period of a software has expired or not)

        Comment


        • #5
          1) not in the scope of SocketTools portfolio. And why should it be? The OS itself provides this via an API, as I mentioned above, so use that instead.

          2) What do you mean by "secure means"? Similar to HTTP or FTP, the NTP protocol doesn't include any encryption. If you mean "robust"/"reliable" by it - well, it is realiable in the sense that it does work as advertized - I used it myself to ensure that the local system time is set correctly*). But due to technical limitations of how the internet works, you can't trust the data delivered that way, as your application has no control over the client's DNS settings. So there's always the possibilty that a rogue client figures out that your program communicates with time server time.domain.tld, edit his (local) DNS settings to point time.domain.tld to faketime.domain.tld, where a time server answers the NTP request and serves it with an incorrect time in the past.

          *) For cashier application, to ensure the end-of-day cash reports are generated with the right date/time stamp.

          Comment


          • #6
            Just thought I'd mention that SocketTools 10 does include some general purpose encryption / decryption functions that serve as wrappers around the more complicated CryptoAPI functions. They were added to the Encoding and Compression library and are extremely simple to use. Internally, it uses AES-256 encryption with the key generated from a SHA-256 hash of the "password / passphrase" string.
            Mike Stefanik
            sockettools.com

            Comment


            • #7
              Thanks Knuth for your advice on NTP protocol . I'm wondering where else or what method that we can use to obtain the actual dates and times
              without hackers faking them?

              Thanks Mike
              They were added to the Encoding and Compression library and are extremely simple to use. Internally, it uses AES-256 encryption with the key generated from a SHA-256 hash of the "password / passphrase" string.
              Can you please elaborate on this statement ?
              Maybe with some codes on how you would use Socket Tools' AesEncryptFile() and AesDecryptFile()

              and the ability to hide my password using hash




              Comment


              • #8
                Thanks to Mike Stefanik , I stand corrected and am pleasantly surprised.

                Comment


                • #9
                  Originally posted by Tim Lakinir View Post
                  As you see, SFTP is the only usage by my company that can be derived from Socket Tools
                  Tim, I honestly said something similar when I bought SocketTools, but for me it was just https. I likened my SocketTools purchase to needing a screw driver, but buying the whole toolbox 'just in case'.

                  Comment


                  • #10
                    Originally posted by Tim Lakinir View Post
                    Can you please elaborate on this statement ? Maybe with some codes on how you would use Socket Tools' AesEncryptFile() and AesDecryptFile() and the ability to hide my password using hash
                    It's not complicated. If you want to protect the password string, there are things you can do from preventing casual inspection of the executable (embedding nulls and/or random characters which you programmatically remove before passing it to the function). However, if you want to go beyond that, you're into the realm of anti-debugging techniques, which is beyond the scope of what we do. Others may have some suggestions along those lines.

                    Code:
                    #COMPILE EXE
                    #DIM ALL
                    
                    #INCLUDE "CSTOOLS10.INC"
                    
                    FUNCTION PBMAIN () AS LONG
                    
                        Dim szOriginalFile As StringZ * %MAX_PATH
                        Dim szDecryptedFile As StringZ * %MAX_PATH
                        Dim szEncryptedFile As StringZ * %MAX_PATH
                        Dim szPassword As StringZ * 128
                        Dim bResult As Long
                    
                        szOriginalFile = "C:\Users\UserName\Documents\TestFile.dat"
                        szEncryptedFile = "C:\Users\UserName\Documents\Encrypted-TestFile.dat"
                        szDecryptedFile = "C:\Users\UserName\Documents\Decrypted-TestFile.dat"
                        szPassword = "~G60+o&p7=*S^*IQp#oJ"
                    
                        bResult = AesEncryptFile(szPassword, szOriginalFile, szEncryptedFile)
                    
                        If IsTrue(bResult) Then
                            bResult = AesDecryptFile(szPassword, szEncryptedFile, szDecryptedFile)
                    
                            If IsTrue(bResult) Then
                                MsgBox "The file was successfully encrypted and decrypted", %MB_OK
                            Else
                                MsgBox "The file could not be decrypted", %MB_ICONERROR
                            End If
                        Else
                            MsgBox "The file could not be encrypted", %MB_ICONERROR
                        End If
                    
                    END FUNCTION

                    Mike Stefanik
                    sockettools.com

                    Comment

                    Working...
                    X