Bluetooth UUID and pin request in QT - c++

The Bluetooth UUID identifies a special Bluetooth Service I used in a Bluetoothserver, i implemented.
I also wrote in qt creator a small qml app to search for and connect to the service with that special UUID.
My question is: Can everyone connect to that service by searching for bluetooth devices in general, or are you only able to find it, if you search for that uuid?
If everyone can find it, so how can I set a pin on my Bluetoothserver and a pin request in my app in qt?
Thanks in Advance!

Generally, all UUID services are available for discovery (SDP) and connections. There may be a security setting that can restrict service discovery for paired devices only. So, if a pairing prerequisite for service discovery is a sufficient restriction, you may be fine. Otherwise, you could implement your own password request and acceptance using the the new connection via your custom UUID service. For example, if a "password" or "custom protocol command" is not received within 3 seconds, your Bluetoothserver can drop the "unauthorized" connection on this service.

Related

Check for EAP credentials issue

I want to check if EAP credentials are present (stored in the registry or not) when connecting to the Enterprise wireless network from the imported profile using my program. I use this method: WlanSetProfileEapXmlUserData for storing the user credentials. The imported profile only stores the wireless network xml data and not the username and password. So, what method from Wlan API should I use to verify that the user credentials are present for the specific wireless profile? I only need information. Thanks.
I have fixed the issue by checking for wlan_notification_acm_network_available code, from the MS docs (https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ms706902(v=vs.85)):
The wlan_notification_acm_network_available notification is sent when all of the following conditions occur:
The wireless service finds connectable networks after a scan
The interface is in the disconnected state;
There is no compatible auto-connect profile that the wireless service can use to connect.
After a while when connecting to EAP profile without the user credentials it gets wlan_notification_acm_network_available code. Now the application intercepts it and send a notification to enter the user credentials. The issue is resolved.

Encrypting string in C++

I have a client server based application where user is presented with login screen in the client. It then passes the credentials to the server which does the authentication. Client-server communication happens via a web service hosted on the server using https protocol (with TLS1.2 support). Client passes username and password to the web service. I am thinking of encrypting the password evethough I am using https based communication. My questions are:
Is it worthwhile to do a second level of encryption for password?
Is there any good practices to follow (like which algorithm to use etc)?
Its a MFC based application written in C++. Does windows provide any methods to do this?
I agree you should ask the first two question Information Security Stack Exchange.
Yes windows provides some methods to do encryption. There is a whole library called Microsoft CNG
Do not be tempted to use their obsolete "Cryptography API" - CAPI.
DO NOT be tempted to write crypto code yourself.
If you are using HTTPS/TLS1.2 and pin the certificate there is no reason to further encrypt the data.
https encrypt the entire transmission except for the URL address, thus the query string, etc is encrypted.
Encrypting the password just moves the problem to how will the encryption key be shared between the client and server?

Domino web service Single sign on is required?

We have intranet based notes applications. We need to create a web service provider from notes and it needs to be consumed from other internet based application.
Note- the consumer will be triggered from external environment not from our network.
For Eg: Network X is ours, all the note application works only in network X(not in internet). It means that single sign on is not enabled. The external application is in network Y.
We have a provider and it works fine in our end. But we need to consume it from the external application, it is ASP .Net.
Question :
Does Single Sign on need to be enabled in our domino server?
Is there any possible to consume my provider without enabling single sign on from external application?
Which is the secured web service scenario in Lotus notes domino?
We are using notes 8.5.3.
Thanks in advance
I will start a response, but I'm afraid that you didn't gave enough information to get the response you need.
Basically, your WS provider is anonymous, so a consumer calling it from the Y network will act as anonymous.
[edited]
From your network Y, simply open the WSDL to check that you have access:
//server/yourdb.nsf/WS_name?wsdl
Using tool like SoapUI, try to consume it.
According to you remark (hello word) you don't need what I mention below about security. I suggest you to read Creating your first Web Service provider and consumer in LotusScript and Java.
Security
If the data you want to send are publicly accessible, you have not to care about security and SSO. If in contrast you need to give access thru your WS to a limited audience, you will have to read and do what IBM recommends:
How to secure a web service hosted on a Domino server
I suggest you to provide some information:
in which language is the WS (LS / Java)
how/what ganularity did you implement the security (reader field, or ACL)
What is the data you
are returning with your WS

WSO2 MDM Connection Failer

Im trying to setup WSO2MDM on Nexus 07 tablet.
I have configured web based backend and its up and running.
I followed the guide lines in documentation to set up Client mobile app on the tablet. (Already set the configuration according to steps on documentation and compiled it.)
But When I try to register using tablet it gives me an error saying "Authentication failed due to a connection failure do you want to try again?";
Please advise me how to sort this out.
What's the authentication parameters you tried? In a fresh pack, you may not have configured tenants. So your basic login parameters can be "admin", "admin" as the user name and password. That's basically the super admin's credentials.
First check whether you can enroll the device to that user. Then try with the new user you have created. Always keep the Domain field empty if you do not have a tenant set up. And if you are trying this setup in your local machine, make sure your device and server are in the same network. Android WIFI tethering may help you in that case.
Use this guide[1] when you are enrolling.
[1] - http://wso2.com/library/articles/2014/03/how-wso2-emm-addresses-the-android-challenge/
Thanks

how to implement message level security in web service

I have to write client for webservice which is using private key to encrypt the xml data and send it over wire.
I am unable to find anything useful which help me to build my understanding over same.
Most probably I have to do this with spring ws security.
--> my server is using wso2 framework for the same.
Kindly help me out with ur experience.
you can use rampart (ws security module comes with WSO2 framework) at the client side as well.
You need to set the policy at the client side and invoke the client using the relevant modules please have a look here[1].
If your server uses WSO2 platform there is an option to generate the client using the admin console. If you have engaged the security to the service generated client has those policies.
Take a look at the rampart[2] samples as well.
[1] http://wso2.org/library/3190
[2] http://axis.apache.org/axis2/java/rampart/