|Andynet, thanks for taking the time to respond. It is good to know that there could be a solution using APIs--it might well be a simpler solution than the networking approach I had envisioned before. I will do some research on this.|
The data that is exported to the text file is publicly available data, so my worry is not that it would be sent to the developers. So that you can understand my concern, here is a detailed explanation. I hope it gives a clear picture of what my concerns and objectives are.
The software in question is a specialized computer program for trading stocks/shares online. The program in question is developed by a reasonably well-known US company. The program uses the .Net framework and appears to rely heavily on XML as the means of storing data related to each stock chart. The program has built-in datafeed connectivity and is designed to be used with all of the major providers of stock market price data. If one has a subscription to a stock market data provider, it is simply a matter of entering one's user name and password. The program can then automatically connect to the data provider via the internet. As you can imagine, to do this, the stock trading program requires both inbound and outbound Internet access so that it can communicate with the datafeed provider and thereby display price data on any particular stock.
The stock trading program allows the user to add a variety of mathematical studies, known as indicators, to each stock chart. For instance, if one had a chart that showed a stock's price over a period of time, one could add a moving average of the price to the chart. Such indicators help traders identify buy and sell points.
The program also allows the user to create custom indicators by means of a wizard. Once a custom indicator is created by the wizard, it is possible to edit it and have quite a range of freedom without the necessity for a great deal of programming knowledge. Both the indicators included in the program--and any customised indicators that are created by the end-user--are written in a "script," which according to the program's help file, is an extension to the C# language. Before any custom indicator can be used, it has to be compiled. The program has a built-in facility for this function. The program's help file states that it uses C# and the .Net framework and runs compiled code rather than interpreted code.
Many people within the stock trading community are concerned about the potential for trading programs to take advantage of their connections to the internet. Indeed some very astute traders within the professional community have personally told me that this type of snooping activity does occur. I'm sure that it wouldn't take much programming savvy on the part of the developers to instruct the program to send the source code of any custom indicators back to the developers.
While I do not have the security resources available to professional traders, it would be irresponsible to simply turn a blind eye to this--it makes sense that a company could easily use the collective knowledge of professional traders to gain knowledge to help develop their stock trading software. I do not want to unwittingly enable the developers of the program to use my own indicators within their commercially available software.
In my efforts to tackle this problem, I have used a firewall (McAfee) to ban all ip addresses except the three that the datafeed uses. When I restrict internet traffic in this way, the program displays an error message that it can't connect to its licence servers, but otherwise seems to function without problems. Also, judging by what I see in WireShark there is no ip traffic except the data to the three datafeed ip addresses.
As someone who is not too familiar with networks, I am by no means certain that a lack of ip traffic would indicate that the computer is effectively locked down. I would think that there are other means of communicating that would be unaffected by an ip blocking firewall.
I had envisioned a two-computer set-up as a means to providing a higher level of security. My reasoning was that a network of two computers--one with an open connection to the internet and a second without a connection to the internet--would offer the advantage of isolating the program along with my custom indicators on the second computer. There must be a way of using the first computer to collect the data from the datafeed and then forward it on to the second computer without having the second computer send back any information.
I don't know if this reasoning is correct, but from my perspective it seems logical. Unfortunately, I don't know how to achieve this--or indeed if there is a better or easier way of achieving this.
So, in summary, my concern lies in whether the program is abusing its connection to the internet. And my objective is to somehow control the program so that it can receive price data through a datafeed, but neither send nor receive any other information via its connection to the internet.
I am not concerned about random attackers. I have always used a firewall/antivirus/antispyware to minimize exposure and use my trading computer only for trading. It is not connected to any other computers at home. When I'm not trading, it is unplugged from the internet.
I hope that this clarifies what my objectives are and the threats I am trying to avert.
With all that said, I think maybe I should spend some time on this API technique. It might well be simpler and easier to tackle.
Could I send you a private message once I have done a bit of research and have a better idea of the potential of the API approach?