Wednesday, January 5, 2011

Security even for non crypted for Concept 2.0

I've added a few features in Concept 2.0:
  • Chunked files and cookies: This allows the asynchronous transfer of files between the server and client, files of virtually unlimited size
  • Optimized transfer for non-chunked files (the client now receives the file buffer only if the user accepted it)
  • Security warnings for the Concept Client when an application tries to execute a potentially dangerous command
  • Optimized concepts:// protocol (less CPU cycles per message)
  • Secure log-in for uncrypted sessions. For now, 3 methods of authentication are available: MD5, SHA1, and PLAIN. Old clients are using the PLAIN method by default, but for new applications SHA1 is recommended. The password is returned as (for SHA1): SHA1(challenge + SHA1(password)). Challenge is a 64 character random generated buffer (characters with values from 0 to 0xFF).
  • In GyroGears: SQLiteNoLock driver was added in order to avoid transactions when using SQLite (SQLite locks the entire database instead of just only one row).
  • A major change in the Gyro generated ORM: for file and multimedia data type, if object is stored on disk, instead of the object buffer, it returns the File handle.
  • Minor bug-fixes in the log system of Concept Application Server that caused "unknown" ip has been disconnected.

No comments: