Encryption, Authentication, & Certificate Authority Validation
In recent releases, 4D’s security capabilities have been significantly expanded, particularly in the area of certificates. This includes auto-generated certificates for client-server communication, support for ECDSA certificates, and, with 4D 20 R7, the validation of certificate authority for client-server communication of engined applications. Some customers require the highest level of security, highlighting the importance of these features.
However, security can be complex, and there have been requests for an explanation of how a TLS/SSL connection works and the role of certificates. Therefore, before delving into the new features, it’s helpful to first break down the basic security concepts and their interactions.
Permissions: Inspect Session Privileges for Easy Debugging
Today, you can benefit from a powerful feature to filter access to data, which is essential for preventing malicious access to your application.
This feature uses privileges that allow certain actions on your data. These privileges are assigned to users through roles and stored in the Session during authentication.
In 4D 20 R6, we enhanced this functionality by allowing you to inspect the privileges in the Session, which is very helpful for debugging.
Keep reading to learn more.
Force Login Becomes Default for all REST Auth
We recently provided a new way of controlling access to the REST API via the privileges and the ds.authentify function: Force Login. This feature offers much more than previously available authentication mechanisms and was clearly explained in this blog post.
With 4D 20 R6, Force Login has become the default mode for REST authentications. Curious about the reasons behind this change and how to manage the transition? Keep reading to find out more.
Fortifying Security: 4D Embraces OpenSSL 3.1
In an era where data security is paramount, updating security libraries is crucial.
4D v20 has taken a significant step forward by upgrading its OpenSSL library from version 1.1 to 3.1.
This advancement brings forth a multitude of advantages and improvements for 4D developers, enabling them to build applications that are not only highly secure but also exceptionally efficient.
Now, let’s explore these benefits in detail.
Filter Access to your Data with a Complete System of Permissions
Filtering access to data is a must-have feature to prevent malicious access to your application.
So far, you could choose whether to expose a dataclass and some of its attributes as a REST resource. It was already a convenient means to restrict access to your data. Still, we're thrilled to deliver in v19 R8 a powerful and fully customizable system to protect your data from unauthorized users: a system that protects your data depending on who is accessing it and which data is accessed.
A Deeper Look into 4D Data Encryption
4D offers several great avenues for keeping your business application secured. One of these avenues is to secure the data itself using 4D’s built-in encryption. To help you understand how encryption works under the hood, we are pleased to announce the release of the 4D Encryption Guide.
As our VP of Strategy, Thomas Maul, said:
“Encryption is worth taking a few moments to understand how it works. And not only how to use it.”
And we couldn’t agree more because if we don’t understand it correctly, we’ll never use it to its fullest potential.
Whether you are:
- trying to gain a business advantage over your competitors
- dealing (you or your customers) with sensitive data or proprietary information, such as in the financial, healthcare, or legal industries
- just curious about the technology behind this feature
We highly recommend looking into the encryption solution offered by 4D.
Bcrypt support for passwords
Security is a fundamental topic for today’s business solution systems. At 4D, we understand its importance; that’s why we keep delivering features that tackle this topic.
And with 4D v19 R3, 4D now uses a stronger hashing algorithm for user passwords. Let’s find out more!
CryptoKey: Encrypt, Decrypt, Sign, and Verify!
4D solutions have always been safe and stable. This is because 4D invests heavily in developing and updating security features. 4D continues this focus in 4D v18 R4 with a new feature to further enhance its security toolkit. A new class providing a set of methods to perform common cryptographic operations is now available: CryptoKey class.
4D for iOS: Email authentication
Monitoring access to your mobile app is a very important capability that deserves further consideration. Email validation is one of the simplest and most secure ways to determine the authenticity and legitimacy of the person trying to log into your app. 4D for iOS enables you to easily handle this validation process by verifying that an email comes from the sender it claims to come from, and by allowing you to block harmful uses of the email.
New 4D commands to work with encrypted data
In a previous post, we discussed how to get started with data file encryption. Now we’re going to discuss an additional way to work with encrypted data files: New 4D commands. These commands are designed to support most encryption requirements and allow you to deliver an encrypted solution to your customers.