Omnis Technical Note TNWE0009

Setting Secure mode for the Omnis App Server

For Omnis Studio 4.x or above

After a number of support cases concerning secure mode for the Omnis App Server, this document was produced to clarify the way the Omnis App Server works with secure sockets.

There are two ways of making the Omnis App Server and its clients use a secure connection, the first is to prefix the WebServerURL in the html page with 'https://'. This will ensure that the Server and clients run over a secure connection for the duration of that connection. (In this case, the Server cannot be made insecure by setting the remote task property $issecure to kFalse.)

The second is to use $issecure, which is a task property. It was intended that this property is changed dynamically when secure information needs to be communicated, for example, a credit card number, and then returned to a non-secure state. This reduces to a minimum the additional overhead which secure sockets incur.

There is no indication that the client is running in secure mode, apart from a noticeable performance hit when used over slower connections: for fast connections there is little difference.

The Web Browser may indicate a secure or non-secure connection but this is not connected to the state of the client. You can therefore see a Web Browser with the 'Padlock' showing but the client will still be in a non-secure state. Vice-versa the Web Browser may be in a non-secure state, but the client can be running securely within it.

The property can be changed using the command:

Do $ctask.$issecure.$assign(kTrue)

As this is a property of the task any $changeform() methods do not effect the state of $issecure.