I'm designing a training program in C++ that will be distributed to a large number of facilities, most of which won't have much in the way of an IT staff. The program connects via a TCP connection to a central database which stores various pieces of data for research and evaluation purposes.

The problem I have is that I would like to make the transmission secure, and the most commonly recommended way to do that seems to be OpenSSL - which seems all well and good, but I've got a problem. As I understand it, OpenSSL must be installed specifically on each of the systems. The facilities won't have the expertise required to compile and install the source on their systems, the computers will be sufficiently varied (all Windows boxes, but of varying make and quality) to rule out distributing a specifically-compiled binary, and continent-wide distribution makes it impossible for my team to personally set it up.

Does anyone have a recommendation for how to solve this problem? Am I simply incorrect in my assumptions, and one can distribute it without installation? If not, is there a more practical alternative?

+1  A: 

Actually, OpenSSL seems like a good option based on what you described.

From what I understand of OpenSSL, it is a library written in C (with wrappers around it for other languages), meaning that you can include it in the code base of whatever it is you are writing.

I'm pretty sure that it is not a program that has to be installed, so I think that you shouldn't have to worry about that.

Stargazer712
+3  A: 

As long as all your machines are XP+, with two versions of OpenSSL you should be ready, one for 32-bit and one for 64-bit. Just provide two separate installers and that should be it. There's no need to compile for each machine.

Just remember to include the Visual C++ redistributable package in your installer as well.

If you have to support ancient Windows versions, it gets a bit more complex but not that much.

Vinko Vrsalovic
+1  A: 

You might also like to experiment with IPsec. If you are concerned with the distribution of binaries etc. to client machines, IPsec could be an interesting solution. Since virtually all Windows boxes support it, all you have to do is configure an IPsec policy on the DB server; by making it "required", all the data between the client machines and the DB server will be encrypted.

Gaurav Kumar