SSL Transports for NexusDB

NexusDB is a database management system that makes use of a number of transports, including Winsock, COM, and Named Pipe transports.

You can create custom transports too. One powerful feature of NexusDB is chained transports: you can create a transport that performs some transformation and uses another transport to deliver the actual data. This feature is used to provide Blowfish encryption for data. Now you can also use SSL proxy transports to provide a higher level of security and certificate-based authentication of clients and servers.


The steps to add SecureBlackbox on the client side are:

  1. Check that you have installed the necessary packages as described in the SecureBlackbox ReadMe file. Install the package if necessary;
  2. Put TElClientSSLTransport on the form (let's name it "ClientSSLTransport");
  3. Set the ClientSSLTransport.Transport property to the transport that will do the actual data transfer;
  4. If you don't have an instance of the TnxRemoteServerEngine component on the form, put one (let's call it "ClientRemoteServerEngine");
  5. Set the ClientRemoteServerEngine.Transport property to ClientSSLTransport;
  6. (optional) Adjust the Versions property of ClientSSLTransport if needed;
  7. (optional) Put a certificate storage on the form and set the ClientSSLTransport.CertStorage property to that certificate storage.

The steps to add SecureBlackbox on the server side are:

  1. Check that you have installed the necessary packages as described in the SecureBlackbox ReadMe file. Install the package if necessary;
  2. Put TElServerSSLTransport (let's name it "ServerSSLTransport") on the form;
  3. If you don't have an instance of TnxServerCommandHandler on the form, put one (let's call it "ServerCommandHandler");
  4. Set the ServerSSLTransport.CommandHandler property to ServerCommandHandler;
  5. If you don't have an instance of TnxSecuredCommandHandler on the form, put one (let's call it "ServerSecuredCommandHandler");
  6. Set the ServerSecuredCommandHandler.SecuredTransport property to ServerSSLTransport;
  7. (optional) Adjust the Versions property of ServerSSLTransport if needed;
  8. (optional) Put a certificate storage on the form and set the ServerSSLTransport.CertStorage property to that certificate storage. This storage contains server certificates;
  9. (optional) Put a certificate storage on the form and set the ServerSSLTransport.ClientCertStorage property to that certificate storage. This storage contains certificates of the clients if they are requested from clients when connecting.

You will find a sample project that uses SecureBlackbox with NexusDB in the \Samples\NexusDB folder.


Towards maximum security

After the above steps your connection is encrypted, and the data can no longer be read easily. However, the task is not complete: it is still technically possible for a third party to access the data. How is this done? The third party establishes itself as the remote side of the communication and receives the information. Imagine you connect to a server and send a request, but the server you connected to is not the one you thought; it is a fraudulent server. Your request can contain valuable information, and it does not matter if you later discover the problem: the valuable information has already been passed to a criminal.

To prevent this, proper authentication steps must be taken. Both server and client must be properly identified as authorized to access the data. This is done using X.509 certificates. An X.509 certificate identifies a side (server or client) of the communication, and it can also contain supplementary information, for example a description of the scope of actions that the client is allowed to perform.
