mjustin

Posts posted by mjustin


  1. 1 hour ago, DelphiUdIT said:

    A standard certificate (similar to that of the server) on the client side is not applicable because the files are exposed, especially the private key even if protected by a password, and anyone who can access the station could "copy" it. 

    A client certificate should be stored in a safe place, which is not even accessible / exportable by the logged in user.

    Just an idea: using a cert store, the certificate may be installed with private keys marked as not exportable.

    Reference: How to protect private key for client cert in machine store? Is it acceptable for it to be exportable?

    https://security.stackexchange.com/q/260614

    The accepted answer describes a different solution, using a 'user cert store'. If I understand correctly, other users would not be able to access the certificate and private key.


  2. 4 hours ago, tgbs said:

    So far I haven't seen any other way to make it go forever other than some variant of looping. Either with sleep, or with CheckSynchronize.

    I have not used it in my programs, but SyncObjs.TEvent seems to be standard practice (and should be available on the Linux platform)

    Draft code:
     

    begin
      HttpServer := TMyHttpServer.Create;
      try
        HttpServer.Start;
        // now the server is processing requests
        // wait for terminate signal
        while MyEvent.WaitFor(MaxInt) <> wrSignaled do;
        // now terminate
        HttpServer.Stop;
      finally
        HttpServer.Free;
      end;
    end;

    The handler code for the http://webserver:port/stopserver URL would call MyEvent.SetEvent, and this will cause the WaitFor loop to exit.

    • Like 1
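
    The wait-for-event pattern from the post above, written out as a complete console program. This is an added example, not code from the original post: the TMyHttpServer subclass, port 8080 and the loopback-only check on /stopserver are assumptions, the last one so that a remote client cannot shut the server down.

```pascal
program StopByEvent;
{$APPTYPE CONSOLE}

uses
  SyncObjs, IdContext, IdCustomHTTPServer, IdHTTPServer;

type
  // Hypothetical stand-in for the post's TMyHttpServer
  TMyHttpServer = class(TIdHTTPServer)
  protected
    procedure DoCommandGet(AContext: TIdContext;
      ARequestInfo: TIdHTTPRequestInfo;
      AResponseInfo: TIdHTTPResponseInfo); override;
  end;

var
  MyEvent: TEvent;
  HttpServer: TMyHttpServer;

procedure TMyHttpServer.DoCommandGet(AContext: TIdContext;
  ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
  if ARequestInfo.Document <> '/stopserver' then
    AResponseInfo.ContentText := 'running'
  // Assumption: only callers on the local machine may stop the server
  else if AContext.Binding.PeerIP = '127.0.0.1' then
  begin
    AResponseInfo.ContentText := 'stopping';
    MyEvent.SetEvent; // runs in an Indy worker thread, wakes the main thread
  end
  else
    AResponseInfo.ResponseNo := 403; // refuse remote shutdown requests
end;

begin
  // manual-reset event, initially not signaled, unnamed
  MyEvent := TEvent.Create(nil, True, False, '');
  try
    HttpServer := TMyHttpServer.Create(nil);
    try
      HttpServer.DefaultPort := 8080;  // assumed port
      HttpServer.Active := True;       // Start in the post's draft
      // blocks without polling; a timeout just re-enters the wait
      while MyEvent.WaitFor(MaxInt) <> wrSignaled do;
      HttpServer.Active := False;      // Stop in the post's draft
    finally
      HttpServer.Free;
    end;
  finally
    MyEvent.Free;
  end;
end.
```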

  3. On 3/8/2023 at 2:06 PM, tgbs said:

    Sorry, but could you give an example of how you organize a loop in a Linux console program and an Indy httpserver? Is there an option without a sleep() or while?
    I need this program to run forever or until I stop via route to webmodules action. Thanks

    Maybe this helps:

     

    "How can I keep a Free Pascal console application running "forever"?"

    https://stackoverflow.com/questions/14090697/how-can-i-keep-a-free-pascal-console-application-running-forever

     

    (it is related to the Indy TIdHTTPServer also)

     

    Basically a ReadLn could be a solution to keep the server running. But this does not answer the "or until I stop ..." part of your question and is worth a separate question. 

    I suggest asking the question as a new post in the Delphi-Third-Party / Indy subforum at https://en.delphipraxis.net/forum/35-indy/.

     


  4. 45 minutes ago, J23 said:

    This page says for SMTP it is still accessible without modern authentication, and explains why (existing hardware which can't be updated):

    Quote

    The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication.

    (Yes, the text on this page may be hard to read, as it relates to three types of authentication - Basic authentication, SMTP AUTH, and modern authentication). But regarding Basic authentication and SMTP AUTH, it gets clearer by reading the linked article "Improving Security - Together" at https://techcommunity.microsoft.com/t5/exchange-team-blog/improving-security-together/ba-p/805892

    Quote

    Please note this change does not affect SMTP AUTH – we will continue supporting Basic Authentication for the time being.  There is a huge number of devices and appliances that use SMTP for sending mail, and so we’re not including SMTP in this change

     

     

    But if SMTP AUTH is not permitted (and therefore not enabled) by the organization, there are few choices. Microsoft recommends using the Graph API:

    Quote

    In 2018, we announced that Exchange Web Services would no longer receive feature updates and we recommended that application developers switch to using Microsoft Graph.

     

     


  5. 4 minutes ago, J23 said:

    Thank you, I know that,

    but problem is IMHO with modern authentication - OAuth2 or using the graph.microsoft.com

    Can you be more specific, what is the exact problem? SMTP can still be used with basic auth. Modern Authentication is not required. (However, it is a security option, which can be enforced and configured by the organization)


  6. On 3/5/2023 at 10:26 PM, mvanrijnen said:

    I believe EWS is deprecated

     

    It will not receive any feature updates, see this note on https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

    Quote

    "In 2018, we announced that Exchange Web Services would no longer receive feature updates and we recommended that application developers switch to using Microsoft Graph. See Upcoming changes to Exchange Web Services (EWS) API for Office 365."

    Original announcement is here:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-changes-to-exchange-web-services-ews-api-for-office-365/ba-p/608055


  7. On 3/5/2023 at 7:33 PM, J23 said:
    
    I decided that now I will only change the configuration and send an e-mail from O365. Failed to.
    

    According to https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353

    sending e-mails via SMTP from Office 365 / Microsoft 365 should work with these settings:

    • Server: smtp.office365.com
    • Port: 587
    • Encryption: STARTTLS

    User name / Password: as given in https://account.microsoft.com/

     


  8. In https://stackoverflow.com/questions/71993040/delphi-11-1s-firedac-and-mysql-ssl-connection-error-unknown-error-number there is one fresh comment saying "I solved the same problem today, downgrading the MySql version to 8.0.23", and one answer "I installed and uninstalled MySQL (and MySQL Workbench and MySQL Script) probably 10 times. The last install worked. I have no idea why this was necessary.". Maybe this or one of the other answers / suggestions may be helpful.

    • Like 1

  9. 2 hours ago, adyble said:

    In theory using the 32bit SSL DLLs should work but it just gives this error - 

     

    [FireDAC][Phys][MySQL] SSL connection error: unknown error number.

    Which exact versions of the 32-bit OpenSSL DLLs have you tried? Are they 1.1.x or 1.0.x versions?


  10. On 3/4/2023 at 11:20 AM, Rollo62 said:

    They say IE11 and Safari works, at least Safari should be fine.

    Next week I will go through the Sectigo CSC request again, it worked well last year. Not sure which browser - IE or Edge - I used last time.

    The reseller's step-by-step instructions for Edge configuration are detailed and include many screenshots.

    They also offer the option to send a CSR, instead of using a browser. Maybe this is an option for those where the IE / Edge is not working as expected.

    I don't have experience with K-Software, as I use a different reseller (PSW).


  11. android.content.ServiceConnection is an interface (see https://developer.android.com/reference/android/content/ServiceConnection)

     

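    Your code must (acquire or) create an instance of a class which implements this interface. If you create it in your code, you must at least implement the two non-default methods, as shown in your Java example.

    type
      // TJavaLocal (unit Androidapi.JNIBridge) is the base class for Delphi
      // objects that implement a Java interface
      TMyServiceConnection = class (TJavaLocal, JServiceConnection)
      public
        // called when the connection to the service has been established
        procedure onServiceConnected(name: JComponentName; service: JIBinder); cdecl;
        // called when the connection to the service has been lost
        procedure onServiceDisconnected(name: JComponentName); cdecl;

    ...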

     

     


  12. The 2023.02 release adds new adapters for mORMot 1 and 2, in addition to the Internet Direct (Indy) and Synapse (r266) adapters. This release contains:

    Release 8.0 brings minor breaking changes, please check the included "Getting Started" documentation (PDF).
    Release notes:
    Full release notes can be found at: https://www.habarisoft.com/release_notes.html
    Home page, demo download, full documentation: https://www.habarisoft.com/


  13. ScroogeXHTML for Object Pascal is a library which supports a subset of the Rich Text Format (RTF) standard.
    It converts RTF to HTML5 and XHTML standalone documents, or to fragments which can be embedded in other documents.
    ScroogeXHTML is compatible with Delphi 2009+ and Free Pascal 3.2.0.
     

    Home page, Getting Started PDF, and demo download:
     https://www.scroogexhtml.com/object_pascal.html
    API online:
     https://www.habarisoft.com/scroogexhtml/8.3/docs/api/
     
     
     

    Regarding support for the latest TLS/SSL, TLS 1.3 is not included in the trunk version of Indy, but there is a pull request which adds TLS 1.3 support (see https://github.com/IndySockets/Indy/pull/299). Other options to enable 1.3 are available by attaching a commercial SSLHandler.

     

    Regarding GMail: two-factor authentication input is usually performed using the system browser. Indy's HTTP server is not involved in this step. Maybe you can be more specific what you are missing in Indy?

     

    Indy is definitely still supported, and included in all versions of Delphi and working on Windows 10/11. You may download it from GitHub: https://github.com/IndySockets/Indy

     

    p.s. regarding TLS/SSL webservers: you may place the (Indy-based) HTTP server behind a reverse proxy such as nginx or Apache HTTPD. The reverse proxy will do all the encryption work, while Indy still only uses HTTP. The reverse proxy must be configured so the clients will communicate with the proxy only. This has many advantages (think of automated certificate renewal for Let's Encrypt).

     

     


  15. The SQL for Query2 must contain a WHERE clause to filter out only the rows for the selected employee ID.

     

    Also the GROUP BY cannot work because its SELECT clause does not use aggregate functions. GROUP BY id also makes no sense at all, as ID is the record id in the payment table.

     

    • Like 2

  16. 11 hours ago, DelphiUdIT said:

    If one publishes a "retain" message, this message will remain "online" until it is cleared or overridden (e.g. by publishing another message, retained or not). While the message is retained, everyone can subscribe and receive it. If the message is cleared or overridden, it's lost for ALL. MQTT is designed to maintain only the last message. Of course I am talking about one "topic"; one can publish as many topics as one wants.

    Thanks for clarifying, it is important to know that MQTT refers to the MQseries product from IBM and has nothing to do with “message queue“ 🙂  

     

    Some introduction posts which might be useful for others:

    https://www.hivemq.com/blog/mqtt-essentials-part-1-introducing-mqtt/ and https://www.hivemq.com/blog/mqtt-essentials-part2-publish-subscribe/

    • Like 1

  17. 1 hour ago, DelphiUdIT said:

    ... But remember that MQTT is not a database, it doesn't present you a storytime of alerts, it works on time basis and is totally asynchronous. If i publish a message (thinking that is a retain), until this message "stay" there all can view that, but when the message will clear (or change) .... who read the message its ok, the workstations that were offline and cannot read that "lost that message".

    Not sure if I understand the scenario, but messages can be configured so users will see them when back online. This is called a durable client (or durable subscription).

    For reference see https://stackoverflow.com/questions/34150452/receive-offline-messages-mqtt

    So, somehow the broker is a database, but specialized for asynchronous messaging.

     

    (Disclaimer: I don't have any 'expert knowledge' with MQTT, but its features are very similar to those of other open source message brokers I am using)

     

     


  18. 1 hour ago, mikak said:
    1. install local Mosquitto server and use TMS MQTT client

     

    Messaging over MQTT (or STOMP etc.) has the advantage that there is a dedicated server for communication, which handles message integrity, redelivery, persistence already out-of-the-box.

    There are many MQTT-capable message brokers available besides Mosquitto. It depends on your target infrastructure and client types which is the best choice.

    For example, these message brokers support MQTT (and many other protocols):

    * Apache ActiveMQ (classic) - https://activemq.apache.org/components/classic/

    * Apache ActiveMQ Artemis - https://activemq.apache.org/components/artemis/documentation/

    * RabbitMQ - https://rabbitmq.com/documentation.html

     

    They also seem to support MQTT over WebSockets, which means clients may just use the HTTP port to connect.

     
