Kaju self-updater talk (v.2.x)

I just released Kaju v.2.0, available at:

https://github.com/ktekinay/kaju

Kaju is a set of classes and tools to implement secure, self-updating in your desktop apps. It’s well documented and free to use.

Since it’s now up to v.2, I’ve started this new topic. You can find a conversation about v.1.x here:

https://forum.xojo.com/18780-kaju-self-updater-talk-v-1-x

I don’t know if I made a mistake, Kem, but in case I did not:
I am about to move a project that once ran with Kaju (it stopped a while ago and I did not find out why) to version 2 (from the 2.0 release). In this case the data will be hosted on an ownCloud which is password protected.

I initially put username and password into the properties of Kaju.HTTPSSocket. Tracing the debug build, I found these properties are unknown when the authenticationRequired method runs.
So I updated UpdateChecker.Execute to receive name and password as optional parameters and use Addhandler to tweak redirector’s and http’s AuthenticationRequired events to a method of UpdateChecker that basically does what the Socket method does not do. Looks much better now; I finally receive the json data again.

I haven’t tried but did the http://username:password@the/url form not work?

I haven’t tried that :wink:
Anyway, I am glad that with a few modifications the project runs again for me now. I’d have thought the AuthenticationRequired method would work and did not investigate why it did not.

I won’t be able to look for a few days but if you could use that form of the URL with the original code and let me know if it works, I’d appreciate it. If it does, I’ll add it to the documentation. If it doesn’t, I’ll modify the project to allow for that.

Does that not send the username and password in the clear?

That depends on whether the connection is encrypted or not no matter how you do it.

I’m not an expert on networking, so maybe I’m talking nonsense, but:

Do you mean you have to first establish a vpn?

If not then I was under the impression a new request would open a new connection?

No, I’m talking about http vs. https.

Well, you used http in your instruction, that’s why I asked. Seems a bad idea to me.

That was just meant as an example of the form, not a recommendation.

Coming from you, it’s practically gospel :wink:

There will be a lot of people (and not just beginners) who see this and think “If Kem is doing it then that must be the right way. After all, he wrote Kaju!”

I always think best practices should be followed, and username and password in my opinion simply don’t belong into an http link.

Ulrich, did YOU change it to https? :stuck_out_tongue_winking_eye:

The link is not supplied to the server that way. A browser parses it and places the login data into the header, and the Xojo socket might do the same. In any case, it’s always “plain text” in some form unless the connection itself is secured.

Yes, I did so.

I will test it the next days. The authentication was probably the reason I once wrote you that Kaju had stopped working for me. I thought it could be because of the uncertain 64 bit handling at that time, but with the release of v2 I was eager to get it working again – and I am glad I did so. Makes a much better perception from customer’s side if he does not have to install updates manually.

Since installing Xojo 2017r2 I am getting a advice notice each time I load a project with Kaju being used.

The advice is:
KajuUpdateWindow.hsSocket - This SSL socket has a default connection type which is no longer available and should be updated.

The default connection type is 2 which seems to be “SSL Version 3”. What should be the new default value?

I do not wish to update my app on my server until I can establish if the new compiled version works correctly. I know that I can test it myself but I don’t want my users to access the ‘new’ app until I am sure that it works correctly.

Thanks in advance.

Simon.

The change to the SSL Socket was documented in the change history… Basically all the old SSL stuff is deprecated and you should be using the TLS stuff… Use the constants and not the integer values (as recommended by Norman)…

I will update the project eventually, but it still works just fine.

I must be stupid! I cannot find this documentation, where is it?

Simon.

http://documentation.xojo.com/index.php/SSLSocket

Sorry guys, but I just cannot get it to work anymore. The Kaju updater just displays a message box saying that an error occurred, Try Again or Later.

I think it may be due to the recent changes in Dropbox. I used to just right-click on the .zip file and copy the Dropbox link, which I then pasted into the Admin App supplied. I have also right-clicked on the UpdateInformation.html file and copied the Dropbox link to my App url field.

I cannot seem to get the UpdateInformation text.

Simon.