Leaderboard

ICS V8.67 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0 and C++ Builder 2006 to XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit targets. The distribution zip includes the latest OpenSSL 1.1.1i win32, with OpenSSL 3.0 and Win64 versions of OpenSSL being available from the download page. Changes in ICS V8.67 include: 1 - Added support and packages for RAD Studio 11.0. Updated SSL/TLS root certificate bundles, old certificates gone, new ones added, nothing major. 2 - Added support for OpenSSL 3.0 which is a major new release, primarily a lot of internal changes to ease long term support. There is an optional FIPS module with 3.0 but not available here since our DLLs are not built to the standards required for certification. The old engines for special extensions are replaced by new more versatile providers of which the FIPS module is one, a provider legacy.dll has obsolete ciphers and hash digests, including MD2, MD4, Blowfish, DES, IDEA, RC2, RC4, SEED, that most applications no longer need and which needs to loaded by the application by setting global variable GSSLEAY_LOAD_LEGACY to true before loading OpenSSL. 3 - OpenSSL 3.0 does not offer any specific new features of benefit to ICS at present, although HTTP/3 support is planned for 3.1 or later, so the main ICS distribution retains OpenSSL 1.1.1i which is fully supported until September 2023. OpenSSL 3.0 may be downloaded from the download page. There are two global variables to restrict which OpenSSL version is loaded, GSSLEAY_DLL_IgnoreNew set true will ignore 3.0, while GSSLEAY_DLL_IgnoreOld will ignore 1.1.1, if both sets of DLLs are available in the same directory. The main SSL samples all set these globals, which can be changed for testing one version or the other, or set by the application, but must be before OpenSSL is initialised. 4 - The main implication for ICS with OpenSSL 3.0 is for SSL/TLS certificate private keys saved with password protection, which is required for PKCS12 certificates for importing into the Windows certificate store. The new PKCS12 default password encryption AES256 is not recognised until Windows Server 2016 v1709 and Windows 10 v1709, so Server 2012, Windows 10 RTM and earlier won't load AES passworded keys, only 3DES, for which the legacy.dll must be loaded. 5 - The TX509Base class has various improvements. The ValidateCertChain method reports CA roots for multiple certificate verification paths with two or more intermediate certificates, rather than only the last. The CertMainInfo method provides a single line with the main certificate information. 6 - There are two new classes to write and read SSL/TLS certificates to and from the Windows Certificate Store, including private keys. This is primarily so Let's Encrypt certificates can be installed automatically for use with the IIS web server. TMsX509List descends from TX509List adding a method LoadFromStore to load the list from a Windows certificate store by store name TMsCertStore and location MsCertLocation. For My/Personal store, attempts to load private keys if they are allowed to be exported unencrypted. TMsCertTools descends from TSslCertTools adding methods SaveToStorePfx and LoadFromMyStore to access Windows certificate stores. Note access to the Local Machine Store for web server certificates requires administrator rights. 7 - Various improvements for the OverbyteIcsPemTool sample. It includes new buttons to list the contents of Windows certificate and private key stores and allow old items to be deleted. This may be useful for cleaning up old certificates and private keys from the Windows stores. Added ResavePrivateKey and Resave Private Key menu option which prompt for a PFX or PEM file containing an encrypted private key with a new cipher, renaming old file to .oldpem/pfx. Specifically for files saved with old ciphers than OpenSSL 3.0 does not support as standard if required for older versions of Windows. Displaying certificates and bundles is no longer a new modal window, but updates the existing log window. Improved import certificates from Windows certificate store to use TMsX509List instead of Windows API calls, and to access all Windows store locations instead of just user, specifically the Local Machine store where server certificates are located. 8 - For the TX509Certs component, the default cipher for encrypting PFX/P12 files is now PrivKeyEncAES256 with 3.0 unless the legacy DLL is loaded when still PrivKeyEncTripleDES so older versions of Windows can load them. Changed extraction of download PEM bundle so that main certificate does not need to be first in file, log them all, and ignore any self signed root certificates. If testing dns-01 challenge fails, rotate to next public server and three retries (previously only happened on timeout). When saving files with private keys, log encryption type used. Added more certificate output formats, OutFmtPwPem and OutFmtPwP12 specify whether to password PEM and P12/PFX private keys. Note Windows always needs passworded P12/PRX files, while Apache web server only accepts PEM files without a password. Allow automatic installation of new certificates to the Windows Certificate Store so they can be used by IIS web sites, by setting output format to OutFmtWinStore. Note application must have administrator rights to do this. 9 - Fixed two problems in the FTP client, support option ftpFixPasvLanIP for PUT/APPE uploads as well as downloads, and support IPv6 for PUT/APPE uploads as well as downloads. 10 - Fixed a problem in TIcsMailQueue with sequential number generation to avoid file locking errors and unicode BOM corrupting file, generate large random number for errors instead of reverting to 1. Don't save BOM withunicode compilers. 11 - In the Application Web Server TSslHttpAppSrv, added an optional LastModified parameter to the AnswerStream, AnswerPage, and AnswerString methods to avoid adding a custom header line with the date. Added NO_CACHE_EX and NO_STORE_EX literals. Added PUT and DELETE verb handlers, similar to GET and POST. 12 - For the HTTP client TSslHttpCli, fixed a relocation problem where the Location: header included a path with a space, encode the space. Fixed another relocation problem where HEAD sometimes stalled. Remove # fragment or anchor from URL in relocation, only used by browsers and not by servers. 13 - In the TIcsBlackList component, Internally use BlockedFlag instead of setting attempts to 9999 once the actual maximum failed attempts is reached, so we can keep counting attempts. 14 - Added a new SSL sample, OverbyteIcsDDWebService.dpr which is very similar to OverbyteIcsSslMultiWebServ.dpr, but designed as a Windows service, although it will also run as a GUI for debugging. It requires DDService service framework to be installed from https://www.magsys.co.uk/delphi/ddservice. asp. It also includes a REST server with simple lookup responses from a SQL database, which optionally requires DISQLite3 5.36.5 or later to be installed from http://www.yunqa.de. Note this sample in not in the project groups due to these pre-requisites. 15 - Moved TRestParams from the OverbyteIcsSslHttpRest unit to OverbyteIcsUrl to ease circular references. Added a new method AddItemNULL to add a null, in Json this will be unquoted. Added a new TRestParamsSrv component which provides methods for creating REST server Json responses from a SQL database resultset, one or more rows, also error responses. Note this is only compiled if DATABASE is defined in OverbyteIcsDefs.inc to avoid bringing in database units that are not available on all Delphi editions. There is a REST server sample OverbyteIcsDDWebService.dpr that illustrates SQL lookups. 16 - In the proxy component TIcsHttpProxy, don't send an HTTP request header until after HTTP body has been processed in case the body length changes. HTTP Forward Proxy using HTTP works again, broken in V8.65. Using HTTP Forward Proxy, convert absolute URL to path only since some servers can not process an absolute URL and sulk. 17 - In the Jose unit, rewrote the functions converting private keys to and from Json Web Keys with new OpenSSL 3.0 provider functions. Use AnsiStrings and functions when dealing with binary data to avoid possible issues with string conversions and nulls. Json now created with TRestParams. 18 - Added two new sample project groups, OtherDemos64 and SslDemos64 which include Win64 versions of all the main active samples with 64 added to the project name, so they can be regularly built alongside the Win32 versions without changing platforms and overwriting executables.

hi, I like paste here a little unit helping coders to do scalable I/O http app look, I did an apachebench in a I9 virtualized ubuntu, with 100 concurrent users, asking this text through webbroker and firedac postgres sql query: «Tuttavia, perché voi intendiate da dove sia nato tutto questo errore, di quelli che incolpano il piacere ed esaltano il dolore, io spiegherò tutta la questione, e presenterò le idee espresse dal famoso esploratore della verità, vorrei quasi dire dal costruttore della felicità umana. Nessuno, infatti, detesta, odia, o rifugge il piacere in quanto tale, solo perché è piacere, ma perché grandi sofferenze colpiscono quelli che non sono capaci di raggiungere il piacere attraverso la ragione; e al contrario, non c'è nessuno che ami, insegua, voglia raggiungere il dolore in se stesso, soltanto perché è dolore, ma perché qualche volta accadono situazioni tali per cui attraverso la sofferenza o il dolore si cerca di raggiungere un qualche grande piacere. Concentrandoci su casi di piccola importanza: chi di noi intraprende un esercizio ginnico, se non per ottenerne un qualche vantaggio? E d'altra parte, chi avrebbe motivo di criticare colui che desidera provare un piacere cui non segua nessun fastidio, o colui che fugge un dolore che non produce nessun piacere? Al contrario, però, noi con indignazione denunciamo e riteniamo meritevoli di odio quelli che, rammolliti e corrotti dai piaceri del momento, accecati dal desiderio, non prevedono a quali dolori e a quali sofferenze andranno incontro, e uguale colpa hanno quelli che abbandonano i propri doveri per pigrizia d'animo, cioè per evitare le fatiche e i dolori. Certamente è facile e rapido distinguere questi casi. Infatti nel tempo libero, quando abbiamo tutta la nostra possibilità di scegliere e niente ci ostacola dal fare ciò che ci piace di più, bisogna accogliere ogni piacere e respingere ogni dolore. Ma in altri momenti, o nei doveri inevitabili o negli obblighi che ci vengono dalle circostanze, spesso accadrà che si debba respingere il piacere e accogliere il fastidio. E così il saggio si regola scegliendo tra questi atteggiamenti, facendo in modo che o – respingendo il piacere – ne ottenga di più grandi, o – sopportando il dolore – ne eviti di peggiori.» calling an Apache2 module webbroker the system raw performances are impressive, producing 18000 (18 thousands) sustained http requests for sec pgsql local limits 1000, ssl off put PhysPG with libpq.so in lib path over the datamodule here the unit to use, before you can set this on webbroker source begin {$IFDEF MSWINDOWS} CoInitFlags := COINIT_MULTITHREADED; {$ENDIF} Web.ApacheApp.InitApplication(@GModuleData); Application.Initialize; Application.MaxConnections:=1000; Application.WebModuleClass := WebModuleClass; Application.Run; end. the unit to interface pooled pg unit PGPool; interface uses {$IFDEF WINDOWS} Windows, FireDAC.VCLUI.Wait, {$ENDIF} Classes, System.SysUtils, // FireDAC.Phys.PG, FireDAC.Stan.Intf, FireDAC.Stan.Option, FireDAC.Stan.Error, FireDAC.UI.Intf, FireDAC.Phys.Intf, FireDAC.Stan.Def, FireDAC.Stan.Pool, FireDAC.Stan.Async, FireDAC.Phys, FireDAC.Stan.Param, FireDAC.DatS, FireDAC.DApt.Intf, FireDAC.DApt, FireDAC.Comp.DataSet, FireDAC.Comp.Client; type TDB = class public DBC: TFDConnection; DBQ: TFDQuery; DBT: TFDTransaction; constructor Create; destructor Destroy; override; end; implementation procedure InitPool; var oParams: TStrings; begin oParams := TStringList.Create; oParams.Add('DriverID=PG'); oParams.Add('User_Name=USERNAME'); oParams.Add('Server=ADDRESS'); oParams.Add('Password=PASSWORD'); oParams.Add('Database=DBNAME'); // oParams.Add('CharacterSet=none'); oParams.Add('Pooled=True'); oParams.Add('POOL_CleanupTimeout=3600000'); oParams.Add('POOL_ExpireTimeout=600000'); oParams.Add('POOL_MaximumItems=1000'); FDManager.Close; while FDManager.State <> dmsInactive do Sleep(1); FDManager.Open; FDManager.AddConnectionDef('PG_Pooled', 'PG', oParams); oParams.Free; end; constructor TDB.Create; begin inherited; // init connection DBC := TFDConnection.Create(nil); DBC.ConnectionDefName := 'PG_Pooled'; DBC.LoginPrompt := False; DBC.FetchOptions.Unidirectional := True; DBC.UpdateOptions.RequestLive := False; DBC.Transaction := DBT; // init transaction DBT := TFDTransaction.Create(nil); DBT.Connection := DBC; // init query DBQ := TFDQuery.Create(nil); DBQ.Connection := DBC; DBQ.Transaction := DBT; DBQ.FetchOptions.Unidirectional := True; DBQ.UpdateOptions.RequestLive := False; DBC.Connected := True; end; destructor TDB.Destroy; begin DBQ.Free; DBT.Free; DBC.Free; inherited; end; initialization InitPool; end. eg. with TDB.Create do begin try DBQ.SQL.Text := 'select * from table'; DBQ.Open; while not DBQ.eof do begin S := S + DBQ.FieldByName('test').asString + '<br>' + FormatDateTime('ddmmyyyy hh:nn:ss', Now) + '<br>'; DBQ.Next; end; finally Free; end; end; kind regards R.

100 concurrent users querying pgsql (to see scalability of the stack httpd with db) same setup test done with latest PHP (jit) and pooling enabled is doing 3000 reqs/sec delphi llvm linux apache with pooling 15000 reqs/sec (5x!!! the throughput of the php)

Ok, thats an explanation. BTW: I have found this nice article from Paolo, maybe thats helpful too http://blog.paolorossi.net/2017/04/27/jwt-authentication-with-delphi/ I think it was planned to part 3-of-3, and part-4 came later: http://blog.paolorossi.net/2019/07/15/jwt-authentication-with-delphi-part-4/ I've noticed this only later, when appearing in DelphiMagazine, so maybe I should monitor Paolo's blog more often 🙂 http://www.delphimagazine.com/2019/07/16/jwt-authentication-with-delphi-part-4/

Hi That is correct. PDFium should not be used in multiple threads. If you are looking to generate PDF files only (i.e. not edit existing PDF files) then ImageEn's native PDF support (creating and saving) can be used in threads. Editing of annotations via PDFium is on the to-do list. Best regards Nigel Cross Xequte Software www.imageen.com

Mixing of VCL and FMX together in the same project is NOT officially supported. There are 3rd party solutions to make it work, but out of the box this is a fluke if it actually works.

The template engine is primarily focused on rendering output where data is provided by variables passed in. It does support calling functions written in Delphi. I think you could do two ways: have a function that does the recursion and returns the relevant html (so complexity is in the function in delphi). pro: template will appear simpler con: some presentation is offloaded to the function you can pass the menu structure to the template. you could use a stack in the template, which would allow you to process the structure in a recursive way using a stack, rather than relying on function recursion with a function stack. pro: all presentation is in the template con: the template may look a bit more complex I think I prefer option 2. As the template engine will not know offhand how to create a stack, the easiest is to have a structure containing menu and stack which is passed to the template.

I don't know the answer to that specific question. I know that you cannot run multiple threads rendering (different) PDFs to image formats simultaneously, which is why I use Foxit (formerly Debenu) QuickPDF Library for this purpose, where you can safely use multiple instances of the PDFLibrary class in the same process. Google 'PDFIUM multithread' for more information (some of it inconsistent or not recent). When single threading, we can use either library, and we find that very occasionally some (usually CJK) PDFs, which in general our users do not have control over, do not render with one and do with the other. Typically PDFIUM will report failures or unsupported PDF features, whereas QPDF is slightly more likely than PDFIUM to mis-render these edge cases.

They added Common Table Expressions 8 years after PostgreSQL (although they still don't have the recursive option, which PostgreSQL has had for 11 years now), tablespaces 15 years after PostgreSQL... they still don't support partial indexes, functional indexes, window functions, UPSERT, full text search or even timestamp with timezone. No compression support, materialized views, partition support... Their marketing material still brags about being "SQL-92 compliant". It's only been in the last few years that Embarcadero has made any user-facing improvements at all to Interbase. I remember a blog post by MVP Warren Postma several years ago about the Interbase Developer Edition shutting down after four hours (I think it's up to 48 hours now) and how ridiculous that is given that SQL Server, Oracle, etc. give free developer editions without the forced shutdowns. David Intersimone appeared in the comments and said that four hours was plenty of time to test any code and they didn't want people stealing the database. Warren, MVP status be damned, asked David why anyone would go through all the trouble of stealing Interbase when there were much better databases they could have for free? David didn't respond to that. Even SQLite offers window functions, partial indexes, functional indexes, JSON support, full text search, UPSERT and common table expressions with recursion now. (It's actually a damn fine database for performing data analysis on the desktop now; I'd choose it for business intelligence or analytics work over Interbase in a heartbeat). I leave you with four more quotes to ponder....

Because a pointer to empty would be quite stupid. While you can technically build an allocated array with a capacity of zero with some hacking the RTL always cleans up the memory as soon as an arrays length becomes 0. Fun fact - checking against nil for the purpose of "is it empty or not" opposed to comparing Length to 0 is slightly faster: procedure test(const a: TBytes); begin if a <> nil then Writeln; if Length(a) > 0 then Writeln; end; CheckArray.dpr.12: begin 0041D57C 53 push ebx 0041D57D 8BD8 mov ebx,eax CheckArray.dpr.13: if a <> nil then 0041D57F 85DB test ebx,ebx 0041D581 740F jz $0041d592 CheckArray.dpr.14: Writeln; 0041D583 A1B4254200 mov eax,[$004225b4] 0041D588 E8CF7DFEFF call @WriteLn 0041D58D E8B270FEFF call @_IOTest CheckArray.dpr.15: if Length(a) > 0 then 0041D592 8BC3 mov eax,ebx 0041D594 85C0 test eax,eax 0041D596 7405 jz $0041d59d 0041D598 83E804 sub eax,$04 0041D59B 8B00 mov eax,[eax] 0041D59D 85C0 test eax,eax 0041D59F 7E0F jle $0041d5b0 CheckArray.dpr.16: Writeln; 0041D5A1 A1B4254200 mov eax,[$004225b4] 0041D5A6 E8B17DFEFF call @WriteLn 0041D5AB E89470FEFF call @_IOTest CheckArray.dpr.17: end; 0041D5B0 5B pop ebx 0041D5B1 C3 ret

What if you use a trigger BEFOREUPDATE on table Master ?

That's correct the ExecSQL will create the TFDQuery object without an owner and you've to free (no matter if there was an exception or not).

Just updated to version 3.2 https://sourceforge.net/projects/image32/

I think you could bind the Tag property too, with LiveBindings. For me the whole LB thing is also still very much unclear, whats it's BestPractices are, to get best results out of it. Until now: "Handle with care"