What is the best way for a client to authenticate with a server using the TCP/IP components of Indy (standard TCP client and server components)?
The server has a list of users and passwords, the client software needs to authenticate through the server with that list. It is VITAL that any transmission that is captured between the client and server cannot be used to authenticate by someone else on the network (for example someone using a network tool to capture network traffic).
I am trying to get my head around how this would work with Indy / Delphi.
I have read one entry on experts exchange about "secure handshake with TCP/IP", but it looks like the way that is done is by sending a random string to the client in clear text, then the client hashes it and sends it back, and the server compares the hashed values. However, can't someone capture the first "random string" and then do the same hashing to "fake" a session?
Tough one for me :-)