Clément

Everything posted by Clément

  1. Clément

    Min & Max

    deleted
  2. Why can't you use MD5? A TObjectDictionary< String, TDataset > where "String" is MD5( _Your_SQL_String_With_All_Parameters_evaluated ) and TDataset the structure for the result. The Dictionary should be created with OwnValues parameter, this way the TDataset instances will be freed when the dictionary is destroyed.
  3. Clément

    I will be less active for a few weeks

    Stay safe and I wish you a full recovery!
  4. Clément

    Delphi 10.4.2 first impressions

    After using the IDE (10.4.2) for a few days, it wouldn't be fair to say it's just more stable. All the features I'm using are working, including Debug! Most debugging problems are solved, mostly 64 bits. If you have a problem with LSP you can still deactivate it. The new LSP features are working fine for me, but it might help if one deactivates it. For instance you can disable error insight: And disable LSP: Even without those items, the IDE still has enough features to justify the migration. You can call me a dreamer ( or incorrigible optimist ), but if Emb can keep that same quality ratio from 10.4 -> 10.4.2, it's very likely to have a good 10.5 version. 10.4.2 is a clear improvement over 10.4.x (Error insight level at "Warnings and Above") By hovering the mouse over the yellow line, the IDE shows the warning. Cool eh?
  5. Clément

    Delphi 10.4.2 first impressions

    I'm impressed! I used the migration tool to update from 10.4.1 to 10.4.2. Downloaded the WebInstall. Everything went well. The IDE opened and as expected only Getit Packages were out. Getit package got better! I managed to install my packages without any glitches. ( VCL Styles, ICS, SynEdit and JCL is also there ). I don't understand why some VCL Styles were only available to some IDEs (older). Shouldn't they be available to all? I understand VCL Styles should be part of Delphi from the version it is released upwards. When opening a large project a status screen shows the unit being loaded! It also shows when you open a unit/frame/form. Cool! There's a nice progress bar on the project manager window footer. It shows code insight working! Cool! The compiler screen has more info too! I haven't tested debugging yet, but I have high hopes with viewing generics and of course a more stable debugging experience (Win32/Win64). I haven't noticed any faster compilation. My projects are not suitable for such tests. All of them compile in a few seconds. I still prefer the Dark theme. I haven't noticed any flickering in the IDE and there's clearly a lot more going on. There's absolutely no doubt the IDE improved a LOT. In 10.4.1 when typing [CTRL+SPACE] to call the form methods nothing was shown. You had to type method declarations / parameters. Very annoying. They fixed it in 10.4.2! Cool! We can click "Inherited". Cool! Can't wait to start debugging my projects!
  6. Clément

    Delphi is 26 years old - Marco's blog

    Also started with Turbo Pascal, Turbo C, Paradox et al. ... since then always learning something new every day
  7. I use a profiler and I try to avoid wasting memory allocation. I've seen code searching for POST,PUT,GET,DELETE in a string spread all over the place. Why does one need to search so much? Parse and search once. Use enumerated types. There's a plethora of ready to use structures. Sometimes too KISSy is not KISS but simply S.
  8. Hi, I'm using D10.4.1. Recently I switched to FastMM4 from github ( 4.992 ) to track down some (unexpected) leaks. With the embedded version of FastMM4 those leaks were not reported. I managed to find all of them. But when I close the application the below exception is raised. I thought it was memory leak related, but even after removing all leaks, it continues to "kind of" show. I googled that address to see if it has a meaningful magical number but I found nothing. No matter for how long I use the application, or what screens are opened/closed. Always the same address. If I close the main form without opening any other forms, the program exits normally. If I either open one form, or all the application's forms, the below exception is raised:

      ---------------------------
      Debugger Exception Notification
      ---------------------------
      Project Project007.exe raised exception class $C0000005 with message 'access violation at 0x02099099: read of address 0x74be973f'.
      ---------------------------
      Break Continue Help
      ---------------------------

      If I press the "Break button" then this is shown: The call stack: The call stack first line points to "FastMM_FullDebugMode.dll" which is in the same path as the executable. I'm using the precompiled version 32 bits. The "Build configuration" is set to DEBUG. If I run "With Debug" (F9) the error is raised. If I run "Without Debug" (CTRL+SHFT + F9) no error is raised. There's no memory leak no matter what version of FastMM4 runs. FastMM4 is set to report as follows: If I uncheck RawStackTraces the exception is no longer raised. Can I gracefully ignore "RawStackTraces" and leave it unchecked, or is there a bomb in my code?! TIA
  9. Anyway thanks for your help. I will do some more tracking to be sure I'm not messing TdxAlphaColors in any way. But I'm using their skins and all of their components. So it might well be some acceptable exception. I will check with their support. Thanks a lot for your help!
  10. I managed to get the typeinfo. The address in my code has changed, but all the others are the same. The $692BB8 became $6AC4D8. This is what I came up with: Is this correct? I installed the trial version of EurekaLog, activated it, set all the trace raw stack options and nothing happens. No report is produced or dialog displayed. If I force an exception in my application it does kick in. Even the exception raised by FastMM4's RawStackTrace option is no longer raised. Since there's a lot of options to set up, I will have to play a little more with it. As soon as I deactivate EL, the exception raises back again if FastMM4's RawStacktrace is set.
  11. First of all let me thank you very much for such a great explanation! Once I unselected "AlwaysAllocateTopDown" the address changes every time, but it is still a high address:

      access violation at 0x02089099: read of address 0x755f973f'.
      access violation at 0x02099099: read of address 0x755f973f'.
      access violation at 0x020d9099: read of address 0x755f973f'.

      So far I managed to pass by all finalization sections. The RTL code that executes the finalizations is a while loop with a decreasing counter and in my case the count starts at 732 and the error is raised when that counter reaches 196. At that point all my finalizations passed ( they ended by 650). When entering the correct point (entry 196) I can just follow up a few "Tobject.Free" methods and the exception is raised. No qualified name to help me locate the code. I'm using "debug dcus" and almost all my debug settings are on. That's what I was afraid of. And of course that bomb will only explode at customer's
  12. Hi, I'm experimenting some interface design and came up with the following: I would like to query a BaseClass instance if it supports a given interface, without freeing the class! As the example below, my great grand child class can support an interface, but I don't want to include the class definition ( great grand child class ) in the Base class. So, by defining interfaces, I can write exactly what I want:

      TMyFrame = Class( TBaseFrame, {SupportedInterfaces})

      In the code below

      procedure TForm22.Button1Click(Sender: TObject);
      begin
        if Supports( fBaseFrameClass, ISupportTask ) then
          (fBaseFrame as ISupportTask).CheckTask;
      end;

      No matter what overload Support method I call, fBaseFrame is freed once the method exits. Is there a way to know if my class instance supports an interface and call the corresponding method without messing ref counting and free the class instance prematurely?

      unit frm.main;

      interface

      uses
        Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes,
        Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls;

      type
        ISupportTask = Interface
          ['{3F785F20-7C44-4163-B55C-5EA267C7204E}']
          function CheckTask : Boolean;
        end;

        ISupportList = Interface
          ['{9B7D95E1-DA96-475A-9A1C-910CAF99E5F5}']
          function ListCount : Integer;
        End;

        ISupportItem = Interface
          ['{ACADFA2F-3500-4ACB-8049-F49FAC38EFB2}']
          function SaveItem : Boolean;
        End;

        TBaseFrame = Class( TInterfacedObject )
        protected
          fDummy : Boolean;
        End;

        TBaseFrameClass = Class of TBaseFrame;

        TMyFrame = Class( TBaseFrame, ISupportTask, ISupportList, ISupportItem )
        public
          function CheckTask : Boolean;
          function ListCount : Integer;
          function SaveItem : Boolean;
          destructor Destroy; override;
        End;

        TForm22 = class(TForm)
          Button1: TButton;
          procedure Button1Click(Sender: TObject);
          procedure FormCreate(Sender: TObject);
          procedure FormDestroy(Sender: TObject);
        private
          { Private declarations }
          fBaseFrameClass : TBaseFrameClass;
          fBaseFrame : TBaseFrame;
        public
          { Public declarations }
        end;

      var
        Form22: TForm22;

      implementation

      {$R *.dfm}

      procedure TForm22.Button1Click(Sender: TObject);
      begin
        if Supports( fBaseFrameClass, ISupportTask ) then
          (fBaseFrame as ISupportTask).CheckTask;
      end;

      { TMyFrame }

      function TMyFrame.CheckTask: Boolean;
      begin
        Result := True;
      end;

      destructor TMyFrame.Destroy;
      begin
        fDummy := True;
        inherited;
      end;

      function TMyFrame.ListCount: Integer;
      begin
        Result := 42;
      end;

      function TMyFrame.SaveItem: Boolean;
      begin
        Result := False;
      end;

      procedure TForm22.FormCreate(Sender: TObject);
      begin
        fBaseFrameClass := TMyFrame;
        fBaseFrame := fBaseFrameClass.Create;
      end;

      procedure TForm22.FormDestroy(Sender: TObject);
      begin
        fBaseFrame.Free;
      end;

      end.
  13. Hi Gustav, The sample code and example program you provided are helping me a lot! Thank you!
  14. Hi Remy, Thank you very much for your insight! I learn something new every day! I will do some testing and get back.. This subject is cool!
  15. I'm considering this implementation... I was hoping there was another way.
  16. Hi David, I tried every Support overload with the same effect. As it says in the documentation, there's a big Warning explaining exactly what I'm experiencing. Either I forget about freeing the class, which is Ok because I will always implement some interface in my Classes, or I'll have to change overload the reference count methods. I was hoping for a third choice..
  17. Hi Dalija, My class implements several interfaces, I want to check which interfaces are implemented and call the corresponding methods using some parameters. I wasn't expecting that Supports would also have this "side effect", although the documentation is clear about the destroying part...
  18. Happy new year! By the end of 2020 I was surprised by a new customer who said he didn't want a "Delphi software", because Delphi was unsafe for his business. His software got hacked. Since that was a first, I got more information about what happened and what that security breach was all about. The hacker discovered the manager's password by tampering with the application executable. I don't know what tool was used, but all password editors were showing the actual password instead of '*'. Not only in editors, but in grids too. The application had a feature that requested a manager password to allow changes in some fields. That screen was gone! Any employee could modify, delete, or include data without restrictions. Even some restricted data were displayed for everyone. I couldn't see the application source code, or get more information. But have you ever heard of such a tool that could tamper with resources as much as this? Clément
  19. From what I can tell, usually the first requests are most "dangerous". For example, you can hash a password, all a hacker has to do is use that same hash. If he knows where to send it, you got a problem. But if I can hide the URL of the "firsts" connections it will make it harder for a hacker to identify what the protection schema is, and buy us some time until he figures out what he is dealing with. My WebServer is already using JWT with AES encryption. After the initial requests it will get harder to hack. I'm considering using also encrypted URL for all the other requests. But still, something to look forward to.

      Another trick I'm using to gain time ( I guess it's safe to comment here ) : I'm going "hacker fishing". Some of you may remember I fell victim of a nasty ransomware a few months ago. I was able to recover everything. I've been drinking coffee over this and what caught my attention was the time spent to encrypt my HUGE glyph image library. The security factor here is HUGE and TIME. The more time a hacker spends hacking, the more time we gain to react! ( I know, I know, I'm a modest genius ) I googled RFCs for anything I could use, and this is what I came up with:

      1 - Some ports are bound to some specific protocols, and some protocols have initial banners.
      2 - Some ports are bound to some specific functions, or remote operations, like directory listings and or file downloads.
      3 - Brute force attacks usually try to find opened ports, but still, they search for ports in a certain order.
      4 - Most firewalls shut ports closed. This will help them scanning all the range port set looking for a breach. There are tons of code in google helping them scan for opened ports in seconds!

      But what would happen if some ports are intentionally opened with a "fake server" listening to them? And why not "add more security" with a nice user/password: admin/1234 ?

      For 1: there's nothing on RFC that limits the size of a Banner. The server is generating a 20TB banner for our unwanted guest. If he stores the banner it will create a disk space problem, or at least, this would slow down his attack until the whole banner is downloaded.

      For 2: the server generates over a million files to download. Have any of you tried to use Windows Explorer with a folder with over a million files? Again, it will slow down the attack. And while the fake server is keeping our unwanted guest busy, it is also including their IP addresses to the firewall black list ...
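
The decoy-listener idea in the post above (an intentionally open port whose fake server keeps the visitor busy while its IP is collected for the firewall block list), as an added example that is not the poster's code. It drips banner lines slowly instead of generating one huge banner; the class name, the `220-` banner text, the delay values and the loopback demo are assumptions made for illustration.

```python
import socket
import threading
import time


class BannerTarpit:
    """Decoy listener: drips banner lines slowly and records each peer IP."""

    def __init__(self, host="127.0.0.1", port=0, delay=1.0, max_lines=None):
        self.delay = delay            # seconds between banner lines
        self.max_lines = max_lines    # None = keep dripping until the peer leaves
        self.blocklist = set()        # peer IPs to export to the firewall
        self._lock = threading.Lock()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))  # port 0 = let the OS pick one (demo only)
        self._sock.listen(16)
        self.port = self._sock.getsockname()[1]

    def serve_forever(self):
        while True:
            try:
                conn, (ip, _port) = self._sock.accept()
            except OSError:           # listening socket was closed
                return
            with self._lock:
                self.blocklist.add(ip)
            threading.Thread(target=self._drip, args=(conn,), daemon=True).start()

    def _drip(self, conn):
        sent = 0
        try:
            with conn:
                while self.max_lines is None or sent < self.max_lines:
                    # Constructed banner text; "220-" marks a continued reply line.
                    conn.sendall(b"220-please wait (%d)\r\n" % sent)
                    sent += 1
                    time.sleep(self.delay)
        except OSError:               # peer hung up: nothing to clean up
            pass


def demo():
    """Connect once over loopback; return (banner lines received, blocklist)."""
    tarpit = BannerTarpit(delay=0.01, max_lines=5)
    threading.Thread(target=tarpit.serve_forever, daemon=True).start()
    received = b""
    with socket.create_connection(("127.0.0.1", tarpit.port), timeout=5) as client:
        while True:
            chunk = client.recv(1024)
            if not chunk:
                break
            received += chunk
    return received.count(b"\r\n"), sorted(tarpit.blocklist)


if __name__ == "__main__":
    print(demo())
```

The demo caps the banner at five lines so it terminates; with `max_lines=None` each connection is held open until the peer disconnects, one thread per connection, so a real deployment would also cap concurrent connections.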
  20. I did some testing, and the largest URL encrypted with pre shared key and encoded base64URL reaches 600 chars.. It's recommended to keep URL under 2000 chars. This might do the trick! Thanks
  21. I will use HTTPS with certificate, but tools like Fiddler can bypass HTTPS, and I believe a company with a proxy setting could easily be hacked. I do believe this is way over my grade of concern, but since the first line is plain text, it would be nice to add some more slow downs. Ex: I don't want to receive thousands of "token requests"..
  22. There are some tricks we might use in our app to help slowing down an eventual attacker. But given the fact that even Windows gets hacked... not much hope in that area. Anyway, I would like to ask if there's something we can do regarding REST. More specifically the HTTP header. This is just an example to help illustrate the problem:

      POST /api/2.2/auth/signin HTTP/1.1
      HOST: my-server
      Content-Type:application/json

      Protecting the first line is my objective. Would it make any sense to protect it? For example:

      POST /api/Mi4yL3RoaXN3b3VsZGJlcHJvdGVjdGVkd2l0aEhNQUMyNTYvZm9yZXhhbXBsZQ== HTTP/1.1
      HOST: my-server
      Content-Type:application/json

      Is there anything we can do about this, or just leave it open? The application will communicate only with this particular WebServer. I don't have to worry about other WebServers (apache or IIS for example)
  23. Hi, Just want to point out this is a new customer that already has a running application written in Delphi. I might be hired to fix/upgrade/replace it. He bought the software to keep it in-house, and after a few months he got hacked. He was using the latest version, and I was asked to recompile the project and get rid of all those problems. The company sold the application with sources to the application but no 3rd library sources are included. I can't rebuild the project. He must buy a few libraries first. As far as I can tell, it seems he got a nasty virus that modified the program resources. I explained it wasn't Delphi's fault, and that could happen to any software. In fact I found other applications that were crippled too. He seemed to understand... I ran several antivirus, nothing was detected. So the virus just crippled the software and destroyed itself. As for the application. It is written in Delphi XE. Some passwords are hard coded and disclosed to some managers. But that was not the issue. The screen where that password should be entered is bypassed, and even if the screen was displayed, the editor where the password is typed in will display the password! Holy cow! Hopefully I managed to convince them to update to Delphi 10. Time will tell
  24. I'm also using DevExpress a lot and never experienced such startup delay. I'm autocreating Main Form, and some data modules (image lists, skin controllers, and the like ) required for the whole lifetime of the application. I'm creating manually everything else, including the login form. I'm having a painting performance issue with their forms, especially with acrylic effect.
  25. Clément

    Updated Community Edition

    One can only hope Emb will keep the CE project alive! Some friends and ex-coworkers who had to move to VS over the past few years are using CE to build secondary projects, mostly indoors, so no real revenue comes from it. The unexpected factor came from VS programmers that liked working with Delphi, and actually enjoyed programming. Last I heard from them, they were considering buying licenses for a second mainstream project. 4% annual increase is nothing compared to what we are going through here ( Brazil ). The exchange rate went from 4.3 to almost 6 in the past 10 months... Almost 40% increase, given that our salaries are frozen, and most companies are revising their contract fees downwards, it's already a problem. If you consider that Emb also increases the license value, it's not crazy to expect over 60% increase in a year. This makes even the professional SKU too expensive for ISV and small companies to afford. Several companies, either I worked for, or friends I worked with, won't move past XE because Delphi ecosystem is too expensive. The value of the upgrade (XE to 10.x) + 3rd party components( XE to 10.x) + retesting (Changes since XE) is more expensive than the project budget itself, and I'm talking about almost a year project timeframe. Those moved for good to MS which offers more products for the same value ( not only language, but access to all Microsoft product line and support). There's still a lot of bureaucratic work to package good cost/benefit SKU. Delphi is still using the same SKU model for decades. Someone has to tell them the market had changed since then. Students and teachers must rediscover Delphi. Managers must be confident the investment/product quality in Delphi will meet or exceed expectations. Not easy at all.