Discussion of article "Using WinInet.dll for Data Exchange between Terminals via the Internet" - page 2

 
Graff:

The error numbers are different.

The error has been corrected.

In the function int HttpOpenRequestW it is necessary to define the 6th parameter as int, and pass 0 into it instead of " ".

int HttpOpenRequestW(int hConnect, string &lpszVerb, string &lpszObjectName, string &lpszVersion, string &lpszReferer, int lplpszAcceptTypes, uint dwFlags, int dwContext);

 
sergeev:

Error corrected.

In the function int HttpOpenRequestW it is necessary to define the 6th parameter as int, and pass 0 to it instead of " ".

int HttpOpenRequestW(int hConnect, string &lpszVerb, string &lpszObjectName, string &lpszVersion, string &lpszReferer, int lplpszAcceptTypes, uint dwFlags, int dwContext);


It doesn't work, I get the same error. How do I fix it?
 
arbuz:
It doesn't work, it says the same error, how do I fix it?

I just did a revision of all the classes a week ago.

It's working fine.

 

First of all, I would like to thank the author for this article. I think this topic is relevant primarily for those traders who already have their original developments and seek to protect their intellectual property. The model of transmitting trading signals through the server suits this purpose just fine.

Alex, your article is excellent, but I think that a very important point has not been touched upon, namely, how to transmit all this data in encrypted form through a secure connection (256-bit encryption). I.e. signals from computer-A are transmitted to the server through a secure connection, in turn computer-B also reads these data from the server through a secure connection. With such organisation of signals transmission the broker will not be able to trace the source of these signals, because all traffic will be encrypted.

Alex, what do you think about this and how can the security issue be solved more effectively?

 
enotis:

Alex, what do you think about this and how can the security issue be solved more effectively?

I would like to direct you to the second part of the article - POST transmission and use of multipart/form-data.

As for security, I understand you are talking about working with SSL certificates?

This can be solved by adding two flags when creating requests. But I would recommend working with WinHttp.dll for SSL.

Everything is almost identical in the request creation interface, but it is advertised as more advanced and has a bit more features.

 
sergeev:

I would like to direct you to the second part of the article - POST transmission and multipart/form-data usage.

As for security, I understand you are talking about working with SSL certificates?

This can be solved by adding two flags when creating requests. But I would recommend working with WinHttp.dll for SSL.

Everything is almost identical in the request creation interface, but it is advertised as more advanced and has a bit more features.


Yes, I was referring to SSL certificates. Thanks for the advice, I have taken it into consideration. If I understood you correctly, you agree that this model of data transfer organisation can be considered sufficiently secure?
 
enotis:
Yes, I was referring to SSL certificates. Thank you for your advice, I have taken it into consideration. If I understand you correctly, then you agree that this model of organising data transfer can be considered sufficiently secure?

You can probably think of other options. For example, you can encrypt your data yourself and transmit it in the open.

This is a function of the MqlNet class, with SSL verification:

//------------------------------------------------------------------ Request
bool MqlNet::Request(tagRequest &req)
{
  if(!TerminalInfoInteger(TERMINAL_DLLS_ALLOWED)) { Print("-DLL not allowed"); return(false); } // check if the DLL is allowed in the terminal
  if(!MQL5InfoInteger(MQL5_DLLS_ALLOWED)) { Print("-DLL not allowed"); return(false); } // check if DLL imports are allowed for this MQL5 program
  if (req.toFile && req.stOut=="") { Print("-File not specified "); return(false); }
  uchar data[]; int hRequest, hSend; 
  string Vers="HTTP/1.1"; string nill="";
  if (req.fromFile) { if (FileToArray(req.stData, data)<0) { Print("-Err reading file "+req.stData); return(false); } }// read the file into an array
  else StringToCharArray(req.stData, data);
  
  if (hSession<=0 || hConnect<=0) { Close(); if (!Open(Host, Port, User, Pass, Service)) { Print("-Err Connect"); Close(); return(false); } }
  // create a request descriptor
  hRequest=HttpOpenRequestW(hConnect, req.stVerb, req.stObject, Vers, nill, 0, INTERNET_FLAG_KEEP_CONNECTION|INTERNET_FLAG_RELOAD|INTERNET_FLAG_PRAGMA_NOCACHE, 0); 
  if (hRequest<=0) { Print("-Err OpenRequest"); InternetCloseHandle(hConnect); return(false); }
  
  
  // send the request
  int n=0;
  while (n<3) // make up to three attempts: the first one is normal, the retries follow if SSL is required
  {
    n++;
    hSend=HttpSendRequestW(hRequest, req.stHead, StringLen(req.stHead), data, ArraySize(data)); // send the data
    if (hSend<=0) // if sending is unsuccessful, check SSL
    {       
      int err=0; err=GetLastError(err); Print("-Err SendRequest= ", err); 
      if (err==ERROR_INTERNET_INVALID_CA) // if the error is really related to the SSL request
      {
        int dwFlags;
        int dwBuffLen = sizeof(dwFlags); // set additional flags
        InternetQueryOptionW(hRequest, INTERNET_OPTION_SECURITY_FLAGS, dwFlags, dwBuffLen);
        dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
        int rez=InternetSetOptionW(hRequest, INTERNET_OPTION_SECURITY_FLAGS, dwFlags, sizeof (dwFlags));
        if (!rez) { Print("-Err InternetSetOptionW= ", GetLastError(err)); break; }
      }
      else break;
    } 
    else break;
  }
  if (hSend>0) ReadPage(hRequest, req.stOut, req.toFile); // read the page if sent
  InternetCloseHandle(hRequest); // close the request handle (hSend is a result code, not a handle)
  if (hSend<=0) Close(); // close on error
  return(hSend>0); // report success only if the request was actually sent
}
 

You can also set the following flags:

dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
dwFlags |= SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
dwFlags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
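
An added example, not code from the thread or the article: a small Python audit that finds the three SECURITY_FLAG_IGNORE_* flags listed above in MQL5 source and reports which certificate check each one switches off. The flag values are those defined in wininet.h; the function names and the sample fragment are constructed for illustration.

```python
import re

# Values from wininet.h for the three flags named in the thread,
# each paired with the certificate check it switches off.
IGNORE_FLAGS = {
    "SECURITY_FLAG_IGNORE_UNKNOWN_CA": (0x00000100, "issuer chain of trust"),
    "SECURITY_FLAG_IGNORE_CERT_CN_INVALID": (0x00001000, "host name match"),
    "SECURITY_FLAG_IGNORE_CERT_DATE_INVALID": (0x00002000, "validity period"),
}
FLAG_RE = re.compile(r"\bSECURITY_FLAG_IGNORE_[A-Z_]+\b")


def strip_comment(line):
    """Drop a trailing // comment so commented-out flags are not reported.
    Simplification: a '//' inside a string literal also cuts the line."""
    return line.split("//", 1)[0]


def audit_source(text):
    """Return (findings, mask); findings are (line_no, flag, disabled_check)."""
    findings, mask = [], 0
    for no, line in enumerate(text.splitlines(), 1):
        for name in FLAG_RE.findall(strip_comment(line)):
            value, check = IGNORE_FLAGS.get(name, (0, "unknown (not in table)"))
            findings.append((no, name, check))
            mask |= value
    return findings, mask


def disabled_checks(mask):
    """Decode a security-flags value, e.g. one logged at run time."""
    return sorted(c for v, c in IGNORE_FLAGS.values() if mask & v)


# Constructed sample modelled on the snippet in the post above.
SAMPLE = """\
int dwFlags;
InternetQueryOptionW(hRequest, INTERNET_OPTION_SECURITY_FLAGS, dwFlags, dwBuffLen);
dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
// dwFlags |= SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
dwFlags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
"""

if __name__ == "__main__":
    findings, mask = audit_source(SAMPLE)
    for no, name, check in findings:
        print(f"line {no}: {name} disables the {check} check")
    print(f"combined mask 0x{mask:08X}; unchecked: {disabled_checks(mask)}")
```

With all three flags set, the connection is still encrypted but the server's certificate is no longer checked for issuer, host name or validity period, so the client cannot tell the intended server from an interposed one.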

 
sergeev:

You can also set the following flags:

dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
dwFlags |= SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
dwFlags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;


Yes, there are a lot of options for encryption, but this is the topic of a separate article. First we need to raise the model of signalling through hosting. Thanks for the tips.
 

Hello,

Metachat is a good idea and I'd like to get one working myself.

Nothing referenced on the fxmaster.de site is working anymore - can you please provide the PHP source to metachat? Much thanks.