MQL: security vs opportunities - page 4
You are missing trading opportunities:
- Free trading apps
- Over 8,000 signals for copying
- Economic news for exploring financial markets
Registration
Log in
You agree to website policy and terms of use
If you do not have an account, please register
Can you at least give me a hint?
A Trojan on MKL ? I can't imagine... honestly.
I wrote - a method of custom exchange of information with the server over a secured regular network channel "terminal-server". A method for extending the functionality of the terminal, completely under the control of the broker and completely legal.
It's elementary to write a Trojan, if DLL is allowed. It couldn't be simpler.
In reality, it reads like this:"I will be able to send any personal and private information from any user's terminal to any address on the network". And don't say "well, I can't steal the password".
...
But we've gone off topic, just make virtual files in operative similar to real files on disk. With sharas and commons.
Handle the creation/existence handler to the opening terminal.
This technical solution does not violate security in any way (at least, if it does, then files in MQL are not safe either).
I wrote - a method of custom exchange of information with the server over a securitised regular network channel "terminal-server". A method for extending the functionality of the terminal, completely under the control of the broker and completely legal.
Waiting for it.
But we've gone off topic, just make virtual files operative by analogy with real files on a hard drive.
Handle the handle of the existence to be entrusted to the opening terminal.
It's not a security breach in any way.
Agreed. Anything at all... а ?
Waiting.
I agree. Anything at all... а ?
It's the 21st century, there's 16 gigabytes of RAM out there, and we're still using hard drives for temporary files and changing them every quarter.
Observing the responses, I decided to summarise a bit. Glad to see that Renat has been active in the topic.
Good news for MQL-developers: MT4 will now have a Depth of Market (Rustam regards :)
Renat
This way a broker can expand the terminal's capabilities without sacrificing client security or violating the licence to use the system in any way. There is a new opportunity for third party developers to sell their solutions legally and in-house.
And MT4i.com (now probably in the form of MT5i.com) will return to brokers with previous products
It seems to me that brokers will be able to create their own parallel signal network out of MK signals business.
--------
So, what is the security situation of MK's business at the moment.
The bad news for MQL developers - it's still impossible to initiate information transfer behind the sandbox without enabling the DLL (and these are the files in the terminal folder) .
This is MK's principled position. The issue borders on a huge hole in customer data security.
You can't let the genie out of the bottle unchecked - releasing information outside the sandbox without the trader confirming it.
In fact "Allow DLL" - can now safely be renamed to "Allow transfer of private information to third parties" checkbox.
Therefore, sockets and server pips (which don't need DLL checkbox) will not appear in the terminal.
--------
Now a business proposal to Renat (for a couple of weeks )
We are left with these options:
1. In the terminal we add another checkbox "a la" allow DLL, allow trading, etc..
Let's call the checkbox the new cherished word "Allow Server Piping(socket)".
That is, our client has absolutely no control and is fully aware of the fact that the Expert Advisor wants to be a server for transferring information.
So, the idea is to allow "server functions" in addition to the "Trading functions".
2. Mapping.
This is not the most desirable solution, but it will allow to perform exchange within one local computer, without wiping a hole on a hard drive.
It will cover a large layer of tasks - the exchange of information between terminals, agents and third-party software. This will already be quite enough, so that without losing absolutely no security (for with files in the sandbox everything is the same), it will be possible.
Of course - option "Allow mapping functions" in expert settings is not excluded.
Renat, what do you think of these options?
An active "no" now, I think at least two weeks for reflection and advice with your team will be necessary. And after the May break there will be an actual fresh solution.
Renat, what do you think of these options?
No active "no" now, I think at least two weeks for reflection and advice with your team will be necessary. And after the May break there will be an actual fresh decision.
We just made the pips so you don't have to use files.
I understand perfectly why server pips in the terminal. Only and only (everything else is just excuses) for one task - to combine terminals for the sake of arbitrage. But that is not part of our tasks.
Who really wants to make an inter-processor exchange, it is enough to implement a multichannel pipe-server. But you can't sell that on the market, which is exactly the purpose pursued.
Renat, :)
This topic has absolutely nothing to do with the market.
I'm sorry if you didn't get that right away, I didn't emphasise it.
Renat, :)
This topic has absolutely nothing to do with the market.
I'm sorry if you didn't get that right away, I didn't emphasise it.