David Heffernan

56 minutes ago, Soji said:

It is a legacy application. Sustain mode. So looking for a quick solution.

So you don't mind if the security is easily circumvented? 

Although do anticipate that any hacker will be able to see the plain text when you decrypt in memory. 

So often this is caused by a defect in your code. You supply an argument that is invalid. Perhaps an object that has already been destroyed. So full fastmm4 debug is useful. 

You would debug this by trying to create a minimal example that reproduces the issue. That's the starting point. 

45 minutes ago, Nathan Wild said:

This is not a multithrreaded application.  Or at least my application is not.  Is suppose it is possible the ODBC interface is for some reason?

No reason at all to suspect that multithreading is the issue here. You aren't likely to get good leads from people making random guesses. Hard debugging is the way forward. 

14 hours ago, dummzeuch said:

Only one for ssh (but not the default port). Everything is tunnelled through an ssh connection.

The WOL packet is also being routed it would seem. 

6 hours ago, vfbb said:

For random AV, I would say you have a multithreaded application without correct synchronization.

One of many possible explanations, but far from the only one. 

How many ports do you have open on your public facing router? 

1 hour ago, A.M. Hoornweg said:

Hello all,

 

I'd like to know if it is possible to activate the FastMM4 Option "AlwaysClearFreedMemory" temporarily/on demand in code? 

The reason being that some of my routines work with confidential passwords/hashes.  Delphi often uses temporary "hidden" strings and interfaces (for example when concatenating strings) so there's the risk of legible stuff remaining in RAM when such a routine exits.  

That's surely not the right solution to the problem. The right solution is to implement the critical code following standard security practices.  And to then get it audited by a security expert.

This point about interop has merit, however, Boolean is the wrong type for interop. You need LongBool. 

It would have been trivial to solve if only you'd used the debugger. Make it your next mission to learn how to use the debugger. 

It's simple. Why write 

if SomeBool = True then 

when you can write 

If SomeBool then

It simply adds nothing. 

1 hour ago, Ole Ekerhovd said:

aUser.Administrator=false

Why is it so hard to reach the conclusion that aUser.Administrator is false? 

Instead of being helpless here, you can get help from us by providing a minimal reproduction. Easier still would be simply to debug your program. Have you done that? 

Never compare to False or True. Instead write 

if someBool then

Or 

if not someBool then

That's not your problem though. Your problem is quite simple. It's the most obvious explanation. You are mistaken, in fact aUser.Administrator is false. It's that simple. 

Yeah, modal dialogs and popup are deeply invasive. Find a different way to let the user know. 

31 minutes ago, A.M. Hoornweg said:

The default calling convention in Delphi is "register" (the compiler tries to pass parameters in registers if possible to speed things up). 

 

The "Stdcall" convention is used throughout by the 32-bit Windows API (which consists of DLL's).  So, for consistency's sake, it makes sense to adopt that calling convention for your own 32-bit DLL's as well. "Stdcall" tells the compiler that the caller of the function will pass all parameters on the stack in a right-to-left sequence and that the function itself is responsible for cleaning up the stack before returning.

 

As Remy Lebeau pointed out, in 64-bit Windows there's only one calling convention. So you could do something like this:

 

//in the DLL:

Procedure MyProc; {$ifdef win32} Stdcall;{$endif} Export;

begin

..

end;

... exports 'MyProc';

 

 

//In the exe:

Procedure MyProc; {$ifdef win32} Stdcall;{$endif} external 'mydll.dll';

 

 

 

 

 

 

 

As discussed above the conditional code simply adds clutter for no benefit. The compiler has already handled the issue for you. Remove the conditional, and let the compiler ignore stdcall in x64.

A second point is the use of the export directive. It is also always ignored (a hangover from 16 bit days). Again it should be removed.  Therefore the best practise would be to write:

procedure MyProc; stdcall;

And that's it.  Obviously you still need the exports list somewhere.

It depends on the window ownership (aka popup parent) relationships between your forms. What is that in your case? 

The ifdef is pointless and wasteless. On x64 stdcall is, like all calling conventions, ignored. So remove the ifdef and leave stdcall there for the platform that it has meaning. 

This class can't be used without the compare type being specified. 

1 hour ago, David Schwartz said:

Delphi doesn't have that ability, so you need to inject the really core initial parameters in the Create call, and then add others AFTER the object has been initialized via property injection.

This seems bogus. Define "really core" please. 

6 hours ago, Lars Fosdal said:

How is it worse?

You are advocating defining new classes in order to set a single field in the base class. If you can't see what is wrong with that I am surprised. 

6 hours ago, Lars Fosdal said:

How would you solve it? 

I already said. 

59 minutes ago, Mike Torrettinni said:

Thanks, so each type of comparer would be its own class, derived from main class. OK, not something I considered.

OMG, take a poor idea, and make it much worse

1 minute ago, Lars Fosdal said:

Having arguments to the constructor is something I try to avoid.

Also a false goal. 

49 minutes ago, Mike Torrettinni said:

So, the whole point was use as little units as possible.

That's a false goal. Remove that goal from your life. Following it will be making your code worse. 

It works. But better to have one constructor that accepts an argument. Think of the time you need to decide at runtime which path to take. Then your way is hopeless. 

Ugh, the code you write shouldn't need those ifdefs. That the entire point of you using the libraries provided by others, like Emba. They present a common interface to you. That's the entire point of cross platform coding.