IB trader workstation auto login...

Quote from Trader.NET:

Is your ATS running in remote site? If so encryption does help, but remember it has to be decrypted by your program. So it's not 100% safe if running on a remote site. If it's on your computer, there's no need to do so as TWS sends your password using SSL if you choose to.
More...

It's running locally. I'm trying to protect it against hackers hacking into my PC. For auto-login, I need to save my username and password and encrypt/decrypt it somehow.

I just thought about this. I can encrypt them using a key generated by a hardware specific number (something from the network card) and then save them to a file. Then my ATS program calls an executable file that does the decryption and autologin. At least this'll make it harder to hack but probably not impossible.

Edit: Actually, I don't think I need to save them in a file. I can put the encrypted username/password in the executable file. Then it decrypts them using the key of the network card. The only way to access them would be by reassembling the executable.

 
Quote from TriPack:

There are several programs with full source code that do this same thing in various different ways, including one I wrote for VB6 that can be found in the files section of the TWSAPI list, a list that I help moderate:

http://finance.groups.yahoo.com/group/TWSAPI/

Other utilities in that area simulate clicking OK on the "Accept Incoming Connections" dialog, playing a sound when the connection to IB is lost, as well as auto logging into the TWS.

There are numerous other samples in other programming languages and lots of good info in the list archives on a host of TWS API issues.
More...

Thanks Tripack. I'm very familiar with your and other programs in that list. But I don't remember seeing any encryption methods in your auto-login code.
 
Quote from chinook:

Thanks Tripack. I'm very familiar with your and other programs in that list. But I don't remember seeing any encryption methods in your auto-login code.
More...

You are correct. No I haven't seen any mention of encryption on the TWSAPI list either. In fact I'd have to say that as far as encryption is concerned I know virtually nothing and after a quick search of that list don't see anything that could help you in this matter. Sorry not to be of more help.

I just checked and it looks like you use VB.NET so I did a quick search on www.codehound.com for "encryption" the first article has some good basic "how to" information with regards to encryption along with some samples. The sample shows how to save the encrypted text in a separate data file.

http://www.vbexplorer.com/VBExplorer/library/encrypt.htm
 
just21,

Thanks for the suggestion. I'm aware of TWSStart but I'm trying to do this from my own program.

tripack,

That's a good start. There are some advanced algorithms for deeper encryption. I need to think about this more to be able do it as hacker proof as possible.
 
Do you mean encrytion or ofuscation? Encryption needs the key to decrypt the encrypted password. It's not good idea to leave your key on your computer if you're concerned with the hacking your PC.

You would be better off by just hiding your password in your program using a little trick like base64 encoding or any other encoding scheme to make it harder for casual user to peek your password.

If you can use your NIC MAC ID to generate hash to encrypt the password by a separate program that will not reside on your computer. Then your ATS program can recover the hash from the MAC ID and decrypt the password (SOMEHOW, not sure how you can do it), then you get a nice protection. The hacker will need your MAC ID to crack the password.

But the weak point is still that if a hacker gains access to your PC, he/she has access to your MAC ID, therefore, you're back to square one:-)

The better approach would be to protect your PC from hacking instead trying to make each individual program from being hacked.

Quote from chinook:

It's running locally. I'm trying to protect it against hackers hacking into my PC. For auto-login, I need to save my username and password and encrypt/decrypt it somehow.

I just thought about this. I can encrypt them using a key generated by a hardware specific number (something from the network card) and then save them to a file. Then my ATS program calls an executable file that does the decryption and autologin. At least this'll make it harder to hack but probably not impossible.

Edit: Actually, I don't think I need to save them in a file. I can put the encrypted username/password in the executable file. Then it decrypts them using the key of the network card. The only way to access them would be by reassembling the executable.
More...
 
I guess I mean both of them. You're right a persistant hacker might figure out what's going on but if I use what I described it won't be very straightforward.

I'm using a software firewall but I'll also get a router soon.


Quote from Trader.NET:

Do you mean encrytion or ofuscation? Encryption needs the key to decrypt the encrypted password. It's not good idea to leave your key on your computer if you're concerned with the hacking your PC.

You would be better off by just hiding your password in your program using a little trick like base64 encoding or any other encoding scheme to make it harder for casual user to peek your password.

If you can use your NIC MAC ID to generate hash to encrypt the password by a separate program that will not reside on your computer. Then your ATS program can recover the hash from the MAC ID and decrypt the password (SOMEHOW, not sure how you can do it), then you get a nice protection. The hacker will need your MAC ID to crack the password.

But the weak point is still that if a hacker gains access to your PC, he/she has access to your MAC ID, therefore, you're back to square one:-)

The better approach would be to protect your PC from hacking instead trying to make each individual program from being hacked.
More...
 
Yeah. I didnt think that out. It would start tws but wouldnt be able to fill in the blanks. I use macro express which does a good job.

p.s. If you use ensign or another package that will auto login to tws then the scheduler would work by simply starting the package.
 
You must log in or register to reply here.
Back
Top