I am not an IT expert so I am not qualified to answer your questions. What I can and have answered is that the data that travels through the internet between NinjaTrader and TT is not encrypted. This is a fact based on a response I received to your question from my technical contact at TT.
My group has their own environment and I checked with our IT guru and he noted that TT does fully support encryption over an internet connection but it is disabled by default as most folks who are using an internet connection prefer to use VPN for security. FCM's have control as to whether encryption in enabled or not.
This is true for TT X-Trader however, it is not true for TT FIX Adapter which is what most 3rd party applications connect through. TT FIX Adapter does not support encryption through the internet.
I don't doubt that. we don't use fix adapter and wouldn't know. we use straight xt. thanks for the update though
I see this post about trading software and security,I am interested in how that was solved by Tradestation 9 If anyone knows about order submission,or order canceling in tradestation 9,is this operations transmitted via internet in encrypted form ?
I've been programming in the ninjatrader environment and from what I can see on how the program and the .NET environment. The datafeed enters your computer through one socket which doesn't seem to encrypted or anything and goes straight to a database. Processing then on the charts or behind the since can occur, then order submission. However, when you put an order on the market, we are required to send that data through a completely different socket which is encrypted according to what I'm seeing on the backend. Ninjatrader is using a SSL framework called OpenSSL you can check out their website if you want.
That is an interesting observation DT. Assuming you know what you are talking about (I am very green about network / software app. security), where does that leave the retail level trader? IOW, where are his vulnerabilities and what steps can be taken to reduce them?
well, I think it leaves us in a very good position. first off lets cover the TT side of things, TT and CQG have redundant servers all over the global that's why they are what they are. This makes it hard to follow a path of direct connect over time from a hackers point of view. This being said, our connection to the exchange and the important account number is transfer only at the beginning of the interaction from what the log files show me. And you are basically account becomes basically like an check routing number that the clearing house would use and with a unique ID for every transaction. Just like you see on your account summary. Now I can't look at Ninjatrader's routine for processing orders however I know they are going to probably be passing them like this. I know that ninjatrader takes several steps for security. 1) Machine ID - completely unique to your computer and the ninjatrader version, access, broker association. (what I would pass with your orders. It's very very smart to send this number with a market order to a clearing house server. ) * this is also how programmers can lock down software to a single machine. 2) license number - Another, security setup just so you make sure that the token passed when you authenticate with your broker is unique and unaltered. 3) SSL connection 4) SSL mail option in your ninjatrader settings also suggest that you can pass this information to a mail server as an encrypted key if you are using another platform for your market orders. You could also run a test by going to Tools > Options > misc. and setting up your own email to find out what they pass in this file. That's why I believe that we really don't need to worry about security from ninjatrader.
Nice analysis, and I thank you for your input. You seem to have covered some ground on platform security. What about the issue of strategies ? I've heard some grumbling about the potential for NT servers to see strategy code held locally when verifying licenses. Granted, most are probably worhtless, but I'm interested in knowing if they could.