A+ security ranking for 4D web sites


After introducing Perfect Forward Secrecy, the security level of the 4D Web server has been increased again with support for HTTP Strict Transport Security (HSTS). The 4D Web server is now compliant with the very latest security protocols. Simply upgrade to 4D v17 and enable HSTS to get the A+ ranking (the highest level) from SSL Labs for your web sites!

The HTTPS protocol is used to secure communications between a client and a server. In a world where your clients can access your site over public WiFi in an airport or at a coffee shop, it's very important to require your clients' browsers to use HTTPS. To do so, just activate the new HSTS feature on your 4D Web server!

ENABLING HSTS

HSTS allows a web server to declare that browsers should only interact with it via secure HTTPS connections. Once activated, the 4D Web server will automatically add HSTS-related information to all of your response headers.

When a browser receives the 4D Web server's initial response with the HSTS information, it records it. From that point on, any future HTTP requests to the site are automatically transformed to HTTPS. You can specify how long the browser stores this information with the Web HSTS max age option.

// How long, in seconds, the browser should remember that the site is only to be accessed using HTTPS (15778800 is about six months).
WEB SET OPTION(Web HSTS max age;15778800)
// Enable HSTS on the 4D Web server
WEB SET OPTION(Web enable HSTS;1)
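
To check what a browser will actually record once HSTS is enabled, the Strict-Transport-Security header can be parsed the way RFC 6797 describes. The following Python sketch is an added example, not 4D code; the function names, result labels and sample header values are assumptions made for illustration, and the minimum age defaults to the value set above.

```python
import re

# Token characters allowed in directive names (RFC 7230 "token").
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_hsts(value):
    """Parse a Strict-Transport-Security value as RFC 6797 section 6.1 describes.

    Returns {"max_age": int, "include_subdomains": bool}, or None when a
    browser would discard the header as malformed.
    """
    seen = {}
    for part in value.split(";"):  # HSTS values never need ';' inside quotes
        part = part.strip()
        if not part:
            continue  # empty directives are permitted
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not _TOKEN.fullmatch(name) or name in seen:
            return None  # bad name, or the same directive given twice
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age may be sent as a quoted-string
        seen[name] = val if sep else None
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is the one required directive
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}

def audit_hsts(value, scheme="https", min_age=15778800):
    """Classify one response. min_age defaults to the value set on this page."""
    if scheme != "https":
        return "ignored"  # browsers only honour HSTS received over HTTPS
    policy = parse_hsts(value) if value else None
    if policy is None:
        return "missing-or-invalid"
    if policy["max_age"] == 0:
        return "cleared"  # max-age=0 tells the browser to forget the host
    return "ok" if policy["max_age"] >= min_age else "too-short"

# Constructed header values, not captured from a real 4D server.
SAMPLES = [("https", "max-age=15778800"), ("https", 'max-age="3600"'),
           ("https", "max-age=0"), ("https", "max-age=1; max-age=2"),
           ("http", "max-age=15778800"), ("https", None)]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        print(scheme, repr(header), "->", audit_hsts(header, scheme))
```

The "ignored" case is the reason the first visit matters: a header delivered over plain HTTP is not recorded, so the policy only takes effect after one successful HTTPS response.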

HTTP and HTTPS management

In addition to the Web HSTS max age option, two other options have been added to the WEB SET OPTION command so you can programmatically enable or disable HTTP or HTTPS on your 4D Web server.

// Disable HTTP on your 4D Web server
WEB SET OPTION(Web enable HTTP;0)
// Enable HTTPS on your 4D Web server
WEB SET OPTION(Web enable HTTPS;1)

The option to enable or disable HTTP has also been added to the Database Settings in the Web/Configuration page.

Fabrice Mainguené

• Product Owner •

Fabrice Mainguené joined the 4D Program team in November 2016. As a Product Owner, he is in charge of writing user stories and then translating them into functional specifications. His role is also to make sure that the delivered feature implementation meets the customer's needs.

After obtaining a Bachelor's degree in Computer Science at CNAM, Fabrice joined a small software publishing company as a Windev developer. He then worked for different companies in the industry and trade sectors as a Windev and web developer as well as a technical advisor on new features.