Search the Community

Have apps that use the createprocess and some that use shell obj to call OS related things. Now IT is/has to lock down security on server and is planning on removing access to all cmd.exe(not sure what ALL means but guessing they are going to remove it) and the powershell and all of its function from users. Does anyone know if removing access to cmd.exe will break createprocess or shellobj? irony is that i don't have rights the rename the cmd.exe to test on my own.

So, my project group with 25 applications, built 7.6M lines of code in 3 min 16 secs without a hitch on my Lenovo P16. I was not surprised, having already tested the builds in my VM during the subscriber beta. But - when I ran the applications against certain production systems - I got an error I had never seen before. After numerous fiddlings with breakpoints, I discovered that the hosts that failed all were ip.ad.dr.es\instance instead of hostname\instance. When googling the error message, I eventually found references to Kerberos security failure and spelunking further, I found a suggestion to add the following to the connection string: In Delphi code, that means adding FDConnection.Params.Values['ODBCAdvanced'] := 'TrustServerCertificate=yes'; to your connection initalization code. Studying the release notes after 11.1, the 11.2 release states which is the one I had installed, but perhaps the Kerberos authentication bit was ignored because the older FireDAC code didn't twiddle the right params? Anyways - problem solved - No more The target principal name is incorrect for ip address host names.

Anyone here with RADServer setup experience? I'd like to find some advice or resources on how to secure the Server besides the SSL certificates and usual Apache/NGinx stuff. It would be more on how to avoid anyone being able to hack into the server and change/get data just by using the URL. Using DataSource parameters is a good way to avoid escaping all URL characters and avoiding SQL injection. Found that: https://blogs.embarcadero.com/tech-tip-how-do-i-secure-rad-server-for-production-deployment/ But besides that? It seems to me, without practicing, that passing everything via the URL is a wide open door to guess what could be other URL keywords, variables, etc... I want to make sure that calls are, in a way, logged in with credentials before accessing anything and get answers from the server. That kind of things. I read David I hands on RadServer document, but it's more focused on how to use it for Rest than actually securing it. Thanks for any help and lights on RadServer deployment.

I am looking at a non-https intraweb application. I see the iW authorization components and the Autherevent looks promising. I see that placing it on the servercontroller and using the oncheck event I get what I need. Before anything happens when connecting to the iw web server the prompt comes up. When this is sent back to the server from a browser is that message encrypted in anyway with iW functionality or is it open html text? Thanks in advance

Hello all, I'd like to know if it is possible to activate the FastMM4 Option "AlwaysClearFreedMemory" temporarily/on demand in code? The reason being that some of my routines work with confidential passwords/hashes. Delphi often uses temporary "hidden" strings and interfaces (for example when concatenating strings) so there's the risk of legible stuff remaining in RAM when such a routine exits.

Devart, a recognized vendor of professional database management software and Delphi data access components for developers and DBAs, has released SecureBridge 9.1 with support for macOS 64-bit, Lazarus 2.0.4 and the SignalR protocol 2.2. Other notable updates include a new elliptic Diffie-Hellman key exchange algorithm and improved certificate server verification for the TLS / SSL protocol. The full list of new and improved features inсludes: macOS 64-bit is supported; Lazarus 2.0.4 is supported; Support for the SignalR protocol version 2.2 is added; The TScHubConnection component to support the SignalR client is added; Support for the x25519 algorithm for the TLS/SSL/SSH protocol is added; Support for Certificate Revocation List (CRL) is added; Certificate server validation in the TLS/SSL protocol is improved; The chunked transfer encoding for sending out data via HTTP/HTTPS is added; The TScHttpWebRequest.BeforeSendData event is added. SecureBridge offers components that can be used as clients and servers for SSH, SFTP, SSL, FTPS, HTTP/HTTPS, WebSocket, and SignalR protocols to protect data flow over an untrusted network. It is also compatible with data access components to prevent data interception and theft. To learn more about the current release, please visit https://blog.devart.com/securebridge-supports-macos-64bit.html. About Devart Devart is one of the leading developers of database tools and administration software, ALM solutions, data providers for various database servers, data integration and backup solutions. The company also implements Web and Mobile development projects - https://www.devart.com/

Hello, Does anyone had any issues with a paid antivirus software with Delphi? I am looking at some options. From av-comparatives.org, I see that Bitdefender and Karspersky and Eset are very good contender. But looking from some posts online, seems that Bitdefender is quite aggressive and wonder if it would interfere with working with Delphi. Any had any trouble with Bitdefender? Or should I stick with Windows Defender? Martin

Hello everyone, A few hours ago, Google sent us a warning e-mail saying that HelpNDoc's installer was tagged as a "Harmful Download". Google chrome (and Firefox) now blocks the download page: https://www.helpndoc.com/download Obviously, the software is signed using a valid paid certificate, and considered safe according to: Virus Total (recommended by Google in this case): https://www.virustotal.com/#/url/9c7132772f4e9fc4d71af6f41ab8af80421918be083e8bdf4228b5a28239cafc/detection Kaspersky: https://whitelisting.kaspersky.com/advisor#search/5a60464c1de8a3792146dfdfb06cdcbd We have requested a review from Google but a few hours later, we received a "Review failed" e-mail. It looks like we are not the only ones based on the posts on the official Google webmaster forum: https://productforums.google.com/forum/#!forum/webmasters I see that the Delphi shop "greatis" seems to have the same problem (we do not use any of their component) but that makes me think that some other Delphi application might be targeted: https://productforums.google.com/forum/#!topic/webmasters/CThwZ6Oq9Ck;context-place=forum/webmasters Did you receive similar security issue from Google ? Best regards, John, HelpNDoc team.