Basically my question is the exact same one as this:
Simple client/server, TCP/IP encrypting the message stream, SSL
The difference is that I need this for pure C++, not .NET. I cannot use 3rd party libraries, so unless it's a Windows system component (like the above) I need something with source so I can get the generel idea and build it myself.
Thanks :)
Quoting the other question for reference:
"Writing a little TCP/IP client server
app. Basically it creates a server,
and then you can create several
different clients and set up a bit of
a chat session. What I am wondering is
there is any way to incorporate, using
standard .net libraries some form of
encryption?
m_mainSocket = new
Socket(AddressFamily.InterNetwork,
SocketType.Stream, ProtocolType.Tcp);
Is there any way of speficying tcp
using rsa?
Or would you (me that is) have to
write some custom libaries to do key
exchange and then encrypt the
subsequent chat messages? I have done
that before for uni but that was in
java but I know it would'nt be hard to
convert them. Just trying not to have
to reinvent the wheel...
Or what about utilising a ssl?
Thanks, Ron."
Have you considered using the ASIO library? think-async dot com/Asio/
There is an example specifically for an SSL based client/server. http://think-async.com/Asio/asio-1.4.1/doc/asio/examples.html#asio.examples.ssl
Its as "pure c++" as you can get.
You can always look at OpenSSL which is open source, but that would be like implement SSL yourself. I would suggest wrapping OpenSSL and use it. Or use the SSL tunnel application available in OpenSSL.
Writing your own encryption code is "not recommended". It's easy enough to make a simple mistake when using one of these libraries, let alone when you try to write one yourself.
What you really want to use is OpenSSL with Boost.ASIO on top of it. If you can't do that then your next best alternative is to use the Internet Explorer COM object. This isn't quite as flexible, but might work out fine depending on what your exact needs are. You can also explore the Win32 API. Last I looked there weren't enough crypto APIs widely available to do this. The final way of dealing with this is to wrap the .NET APIs so that you can make use of them from native C++.
Only if none of that works out for you should you even consider writing this yourself. You will make mistakes and your application will be less secure as a result. So, before you start trying to write your own crypto code you could also try to look at tunnelling SOCKS over SSH and use somebody else's SSH implementation. The next thing I would look at is to buy in the code rather than write it yourself. The code won't be as good as open source offerings as it will be less used so will have more security problems, but it will still be better than anything you would write on your first outing doing this.
Only if you've exhausted all of these options should you think about writing this yourself. Once you think about it you should try all of the other options again to make sure that you didn't miss getting one of them to work for you the first time around.
If you do still write your own implementation then throw it away and use one of the other options before putting it into production use as there will be mistakes that compromise the security to the extent where you probably may as well not have bothered.
Sorry to sound down on all of this, but getting these things right is really hard and not something you can do by just taking a quick look at somebody else's implementation.
Related
I can't decide which way I should take so instead of trying all options I would like to get expert's or more knowlageable people's ideas since I'm a C++ newbie. (After frustration with php for years I understood C,C++ is the way to go )
Extra info: I'm only linux user for a year :)
--Here is what I want to do: Webapp that people can register and chat and be friends. Like facebookchat but no less ability than it (should be realtime all the way) (For instance: If a friend closes the browser it should be seem unavailable).
--Options I have I guess: Using boost:asio, using BSD directly, using opensource server like nginx,lighttpd with fcgi (I din't like libev, libevent.)
--Here is main questions:
1) Is Nginx+fcgi+CPP spawning a new Cpp programme for each request (Performance would be bad)
2) Would using a ready server+FCGI make it impossible or harder the chat thing i stated above.
3) Would you choose BSD, asio or tweaking a ready server for such thing?(with a short why)
(Scability for development is main concern. I mean if it requires new implementations it should be done in future)(blaa blaa must be done)
What would you do?
I think I'd step back a bit, and consider a few questions. First and foremost, it's not apparent from your question whether you're basically trying to set up a web site (or something on that order) that provides this service, or you want to write software that (or example) others could incorporate into their web sites.
Second, it's not entirely clear whether you're interested primarily in the client side, the server side, or both. Most of what you talk about is on the server side, but the features you talk about providing are mostly on the client side.
Third, is the question of whether you're willing to write a closed system that requires your client to work with your server, or you want to use something like XMPP to provide compatibility with existing software.
To summarize: you seem to be jumping directly into nitty-gritty details of how to do things; before you can figure out how very well, you first have to decide exactly what you're going to do. Until those are answered, many of the "how" questions can't be -- and after they're answered, many of the "how" questions may easily disappear.
I would start playing with Wt (http://www.webtoolkit.eu/wt) which is a framework for Web applications, or Qt (http://qt.nokia.com/products/) which offer good http and https support
What is a good choice for a simple http Server lib? It doesn't need high performance. I rather look for something simple for some REST/JSON communication ("API").
It must be able though to work in a multithreaded environment and must be able to handle large POST request.
Any suggestions? I already tried cpp-netlib but this seems to be much too complicated for such an easy task...
Edit: I am looking for something really light-weight and simple. E.g. like Sinatra in the Ruby world. Poco is for me another example of a too heavy-weight library.
The first one that comes to mind is Poco Library ( http://pocoproject.org/ )
Cross platform, stable, well documented. While the library itself offers more than you probably need you can build and omit the portions you aren't planning on using to reduce bloat.
They have a fully featured Net library that includes several salient classes and utilities.
Here is a pdf of slides from that library, of particular interest is the HTTPServer class:
http://pocoproject.org/slides/200-Network.pdf
Not sure about large POST data, but I've previously used mongoose: https://github.com/cesanta/mongoose/.
If the LGPL license is unwanted there is a MIT fork from when the project was MIT that also add a C++ API https://github.com/bel2125/civetweb
I would encourage you to start with http server samples in boost.asio. They are so simple and easy to understand, that you should be able to easily extend them as needed.
However, if you want to jump onto something more polished than just sample code, I know of 3 http servers in C++ which you may like to try:
"x0 - HTTP Web Server Framework" to me personally this one seems most promising, because it's lightweight and simple
"highpower / xiva" is a simple http server framework for delivering notifications to browsers
"Pion, a project of Atomic Labs" is a part of elaborate framework for handling large amounts of data
Pretty late answer; but hope this helps.
For your interest of a server that can handle REST, here is the easiest HTTP Server library to use (in my opinion): https://github.com/yhirose/cpp-httplib.
For JSON parsing, you may search for another library to use it in conjunction.
Personally, I'd go for Arachnida but that might be because I wrote it.
For some time now I've been tossing around what I think is am awesome idea: I want to write essentially a C++ phone server to handle all of my incoming calls on a land-line. I'll have a white-list (yay never having to worry about telemarketers ever again!), a black-list, and will be able to access my phone using my gaming headset, allowing me to make/answer calls while I'm gaming or whatever. In the future I'd also like to hook it up to a gui and make it have pop-ups and other cool features.
The problem is, I have no idea where to start. I'm familiar enough with C++, but have no idea how to go about doing anything with a phone-line. I can plug a phone-line into my computer, but I have no idea how to get my program to be able to use that connection. There's WinSock2 for being able to use my ethernet connection, is there something similar I'd be able to use to use the phone line? As it's using the same ethernet jack, I wonder if it's even possible to use WinSock2 to use the phone-line?
I saw this post, which wasn't particularly helpful: stackoverflow link , which points out Dual-tone multi-frequency signaling. I stumbled across this site: link, but isn't really going to help me get started.
So I was wondering, is there some sort of library out there that would allow me to tap into a phone-line that's connected to my computer? Is there a standard somewhere out there concerning phone-lines and what the different combinations of tone's mean? Can anyone here help get me started? I realize it's somewhat of a big undertaking, so any push in the right direction would be greatly appreciated. Thanks.
[Update:]
I found this question, which is a step in the right direction, but I'm not sure yet if it helps me (I need to go to bed, and will take a look at it in the morning). I did see mention of a Microsoft Telephony API though, I'll try doing more research on that tomorrow.
If working with MS products is not an absolute necessity, you might also consider taking a shot at Asterisk. This is an open-source PBX (in software) that allows development on Linux, Windows (emulated) and Mac. At the company where I work, we use it for implementing small-scale exchanges, about a 100 lines or so. It also interfaces well with VoIP and allows a whole host of protocols. I have developed scripts and programs in C++ that work on voice packets in real-time, and so far, my experience has been good. As for your stated use-case of blocking telemarketers etc., this would be a very good fit. Check out further details here.
After doing more research, having one link lead to another link, and coming up with new search terms, I stumbled across this site that looks like it could kick me off using the Windows Telephony API in C++: link. This link includes open source c++ samples showing how to do the basics of what this question asks, I'll just have to test to see if they actually still work.
This is only the beginning of my research, so I'll keep you posted on any other findings. If anyone else is knowledgeable in this area, please still feel free to drop me information on what I want to accomplish.
I need to start my new challenge, write my own RDP client for Linux (full protocol implementation based on 7.1). Most of you will suggest to search on the web for free RDP client....but in my case I have to write from scratch the application.
Is there anybody with RDP experience in C/C++ under Linux? I am not looking for technical information. At this stage I only need to evaluate how long it would take to write the application. I do not have any experiences with RDP. Roughly how long would it take for one person full time? There are many "variables" to consider....but just an estimation would be enough.
Thank you.
Luke
I have some experience because my company did some work with the RDP protocol. These are some select things you'll face should you go through it:
You'll have to work out different the compression algorithms. Mostly run-length encoding.
Encryption. The older versions of RDP used RC4 and RC5 if I recall correctly.
Authentication. NTLM and CredSSP are popular methods.
It would probably take you a month just to get something working assuming you'd write your client non-stop.
Also as Duck has pointed out in the comments there are many little things. Just for example: how will you handle ROP3 drawing? Will you implement a few codes or all of them? This is a little problem but will probably take you some time.
If your goal is to have a graphical remote access protocol, you'd be better off with VNC which is many times easier. After you've seen what it takes to implement such a protocol, you'd see what the typical pitfalls are.
I have recently been given a task to add the ability to interact with Web Map Services to an existing MFC application and I am in need of a client-side HTTP API.
Based on my research, the leading candidates seem to be CAtlHttpClient and WinHTTP. I was curious to see if anyone had experiences they could share or opinions on which would be the better way to go (or suggestions for something else entirely).
At first glance, CAtlHttpClient seems to be a bit higher level and easier to use. However, in my research it seemed that any time people had a problem with not being able to do something with it, the answer was "use WinHTTP".
Result
I wound up using WinHTTP because WinInet displays dialog boxes and our application is usable through a COM API. I avoided Ultimate TCP/IP because I work for a large company and getting third party software approved for use in a product is a complete nightmare.
The simplest one is the WinInet MFC wrappers: CInternetSession and friends.
WinHTTP, although a different API, is built on the same model as WinInet yet provides better HTTP support (no FTP though but you probably don't care). Whether you need the extra goodies provided by WinHTTP should be examined.
A down side of WinHTTP is that ATL/MFC don't provide wrappers for it, as opposed to WinInet.
And as Rob mentioned, UltimateTCP is a excellent alternative. One of its advantages is that it's a library: you link the code into your application, thereby eliminating DLL hell potential problems. Also, it comes with full source code which might be convenient if you run into a limitation of the implementation.
Make your pick!
Try Ultimate TCP/IP available for free from here:
http://www.codeproject.com/KB/MFC/UltimateTCPIP.aspx
It's a very good library and very easy to integrate with your apps.