IB: Hong Kong servers and Password Non-transmission

[pcvix]

Can someone from IB's technical department confirm what IBsoft wrote (and repeated below) about password non-transmission in an earlier thread?

Does this follow that, from an account security perspective, it's perfectly safe to use IB's Hong Kong servers (which don't allow TWS SSL login)?

http://www.elitetrader.com/vb/showthread.php?s=&postid=1102233

Quote from IBsoft:

Our login is secure. The password is never transmitted between the TWS and the backend servers.

If you check the SSL checkbox, it will result in the whole order and execution traffic between the two points being encrypted by SSL.

Just want to double-check...

Thanks!

 

[pcvix]

http://www.elitetrader.com/vb/showthread.php?s=&postid=1102071

Quote from ids:

Our login procedure is absolutely secure in any case. SSL makes sense if you worry about somebody listening your channel and trying to figure out what exactly you are doing. For overwhelming majority it does not matter. SSL is not absolutely free in sense of time and resources. If you do not feel like your trading strategy is a real treasure or your financial information is not super-valuable, SSL is an unnecessary burden.

Can someone from IB explain whether "financial information" in the above quotation includes a customer's username, account number, positions and balances?

Thanks!

 

[learner2007]

I was told by someone at IB in Hong Kong last year
that SSL was not available when using the HK server.
Has this changed?

 

[hektor]

I have the same problem with the swiss server. Since 4 years the SSL login doesnt work with Peer=gw1.ibllc.ch:4000.

 

[Trader_Herry]

If SSL is enabled, it allows all communication and data between a browser and a server to be encrypted.
If there is no SSL, your data is not encrypted. You opened up a chance someone snoops your network and read your unencryptd data.

Think about it. Why is SSL available? If SSL were not needed, it wouldn't be there at all in the first place. That means it is alwasy best if you can connect via SSL (extra security).

You need to bear more risks if you connect without SSL.

 

[def]

Quote from pcvix:

Can someone from IB's technical department confirm what IBsoft wrote (and repeated below) about password non-transmission in an earlier thread?

Does this follow that, from an account security perspective, it's perfectly safe to use IB's Hong Kong servers (which don't allow TWS SSL login)?

http://www.elitetrader.com/vb/showthread.php?s=&postid=1102233



Just want to double-check...

Thanks!

I can confirm what he said is correct.


"1) Our login is secure. The password is never transmitted between the TWS and the backend servers.

"

 

[pcvix]

Thanks, def.

Can you possibly explain what "financial information" (referred to in my second post above) means?

Thanks again.

 

[Trader_Herry]

Quote from pcvix:

Thanks, def.

Can you possibly explain what "financial information" (referred to in my second post above) means?

Thanks again.

It is a simple term. Nothing special. Open your Account Page in TWS. You can find most financial information they are referring to.

Simply as that. Every piece of data transmitted is not encrypted during that session, so someone can snoop and read all these data. Imagine you home with the door unlocked. Someone can sneak in and peek at you.

Now the login is very secure since we need token to login. No hackers can install a spy behind your shoulder.

 

[pcvix]

Just to clarify, could someone from IB explain whether "financial information" in the quote from ids (referred to in my second post above) includes a customer's username and account number?

Thanks!

 

[pcvix]

Would someone from IB care to reply to my query above?

Thanks!