Seeing a challenge mid-session is not normal; whoever have a recent case - please execute Ctrl-Alt-H, upload the logs (put "Att: Dennis" in the notes) and PM me their user id, I will investigate this further (alternatively they can PM me and I'll reply with my IB email so we can take this conversation off ET board if they are not comfortable with exchanging some sensitive information here). Thank you.
What do you have to investigate ? Just store credentials when logging in and, in case of disconnection just relog in * without rechallenging * . Once one has logged in, the challenge must not be done again, until he shuts down the program. Is it so hard to just place a boolean flag in the client ? Then you can do whatever you like server side (even struggling with the bug for the next century). We dont care about that.
This is much more involved than "just storing credentials": we need to make sure you are who you say you are when you reconnect; I'm not going to explain in details the security algo used here, but think about this for a moment - if you are using dynamic second token device (that generates new token every few seconds) - what exactly it is we need to store and how will I differentiate you from the intruder next door who reconnects with the same ip and claims that he is you? The logs will help me pinpoint why security algo did not work as expected.
Yes sure. In fact i know nothing about programming... Just store the encrypted credentials in the client after the first challenge. It's secure.
qed: slowly approaching the feature state ... <img src="http://www.elitetrader.com/vb/attachment.php?s=&postid=3609977" />
Ok, now I am having problems with SSL (cfr. attachment): it causes my TWS to stop being updated and it disrupts my automated trading. And here, as usual, they say that IB suggested to simply disable the SSL: http://www.elitetrader.com/vb/showthread.php?threadid=218598 So let me get this straight: you enable the security token and the SSL for security, and if you don't keep it enabled, in case something goes wrong, you will not be refunded, says IB. But when you come across all the technical problems they suggest to disable it. Hmm, great. So I either run things smoothly and risk being hacked, or I accept having problems periodically, and then I am secure. Fine, after disabling the security token because of all the problems (that now seem solved, but I don't want to risk it), I will now have to disable the SSL, too, because this problem went from never happening, to happening once a week, in the space of six months.
We are not telling people to disable SSL; I will reach out to you via PM to help you troubleshoot this (this may not necessarily indicate a problem on our side)
Thank you for your prompt reply. One way or another I've always solved all problems, but I want to keep track of them on this thread. Not that I am exaggerating them in any way, but I am indeed venting out some frustration.
Yes, I am aware of that and thank you for the assistance. I've written a private message back, saying that for now I will forgo both the security token and SSL (which I had enabled after opting out of the security token), in order to avoid technical problems (they do happen). And then, if my capital will be enough to worry about hacking (if my security concerns will outweigh my technical concerns), then I will definitely have to opt back into the security token and maybe I won't worry about SSL (or do both, depending on the capital and the technical problems).