More security for your 4D Server

Over the years, security has become a core topic for business applications. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as “SSL”, are cryptographic protocols that provide communications security over a computer network. The TLS version that your application is using for web or client/server connections, for instance, contributes to its security level.

4D supports all TLS versions: 1.0, 1.1 and 1.2. The protocol version used is negotiated between the server and the client when establishing the connection. To increase the security level, beginning with 4D v16 R5,  the default minimum supported version is TLS 1.2, older versions are rejected, as they could be unsecure.

Don’t worry, TLS 1.2 was defined in RFC 5246 in August 2008. It’s been available and integrated in tools and servers for a very long time. All major browsers support TLS 1.2. Thus, you can upgrade your 4D Web Server without modification or precaution, you don’t have to rewrite your web pages or methods. For your client-server applications, you can migrate your older client applications to 4D v16 R5 client applications without changing your code.

CHANGING MINIMUM TLS VERSION

For compatibility purposes – if you need to support older browsers or tools which do not supports TLS 1.2 – there is a means to decrease the security level and continue to allow these potentially unsecure protocols with the new 4D Min TLS version selector for the Get database parameter and SET DATABASE PARAMETER commands.

Vanessa Talbot
• Product Owner •Vanessa Talbot joined 4D Program team in June, 2014. As a Product Owner, she is in charge of writing the user stories then translating it to functional specifications. Her role is also to make sure that the feature implementation delivered is meeting the customer need.Since her arrival, she has worked to define key features in 4D. She has worked on most of preemptive multi-threading new features and also on a very complex subject: the new architecture for engined application. Vanessa has a degree from Telecom Saint-Etienne. She began her career at the Criminal Research Institute as a developer for the audiovisual department. She has also worked in media and medical fields as expert in technical support, production as well as documenting new features.