Omnis Technical Note TNWE0009
Setting Secure mode for the Omnis App Server
For Omnis Studio 4.x or above
Due to its publication date, this technote contains information which may no longer be accurate or applicable on one or more of the platforms it refers to. Please refer to the index page which may contain updated information.
After a number of support cases
concerning secure mode for the Omnis App Server, this document was produced
to clarify the way the Omnis App Server works with secure sockets.
There are two ways of making the Omnis App Server and its clients use
a secure connection, the first is to prefix the WebServerURL in the html
page with 'https://'. This will ensure that the Server and clients run
over a secure connection for the duration of that connection. (In this
case, the Server cannot be made insecure by setting the remote task property
$issecure to kFalse.)
The second is to use $issecure, which is a task property. It was intended
that this property is changed dynamically when secure information needs
to be communicated, for example, a credit card number, and then returned
to a non-secure state. This reduces to a minimum the additional overhead
which secure sockets incur.
There is no indication that the client is running in secure mode, apart
from a noticeable performance hit when used over slower connections: for
fast connections there is little difference.
The Web Browser may indicate a secure or non-secure connection but this
is not connected to the state of the client. You can therefore see a Web
Browser with the 'Padlock' showing but the client will still be in a non-secure
state. Vice-versa the Web Browser may be in a non-secure state, but the
client can be running securely within it.
The property can be changed using the command:
Do $ctask.$issecure.$assign(kTrue)
As this is a property of the task any $changeform() methods do not effect the state of $issecure.