irigsoft

Hi, I give you example how to do it with delphi, but you can find more examples and try to print directly without PrintDialog (because dialog shown on server side and can't be usefull) @Woutero, here is some kind of examples: https://forum.lazarus.freepascal.org/index.php?topic=47640.0 Printer.SetPrinter('Microsoft Print To PDF'); Printer.Copies:=1; // PrintDialog1.PrintToFile:=true; // Printer.FileName:=suggestFileName()+'.pdf'; doPrint(); "For me your code is working. Please see attached demo. It checks whether the "Microsoft print to PDF" printer is available, selects it and sets the filename by setting the FileName property. (When the printer is not found it opens the PrintDialog)." https://forum.lazarus.freepascal.org/index.php?PHPSESSID=lhgjmk83bcjm7trnihen5tbt77&action=dlattach;topic=47640.0;attach=34509

Hi, why dont use just print to Windows PDF printer and show saved (printed) document to user? https://stackoverflow.com/questions/25371291/print-a-string-directly-to-printer https://www.delphibasics.co.uk/Article.php?Name=Printing https://www.google.com/search?q=delphi+print+to+printer&oq=delphi+print+to+printer&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIICAEQABgWGB7SAQg1Njg4ajBqN6gCALACAA&sourceid=chrome&ie=UTF-8

For Your need, best solution will be AI. We will wait for this option on unigui

So, this mean that all will be saved on DB. Can you create some Server Side protection based on examples from link above

Hi, maybe this will help to apply some proposal for protection : https://stackoverflow.com/questions/273516/how-do-you-implement-a-good-profanity-filter list with bad words (couple languages): https://github.com/LDNOOBW/List-of-Dirty-Naughty-Obscene-and-Otherwise-Bad-Words where do you get these obscenities in unigui interface?

Hi, maybe this will help:

Professional - 1.9.1551

Hi, I don't have Source Code.

Hi, I'm going to add a new way to protect cookies, but I can't test it, if someone can confirm my code is working I'd appreciate it. add to MainForm.Script this: function getCookie(name) { const value = `; ${document.cookie}`; const parts = value.split(`; ${name}=`); if (parts.length === 2) return parts.pop().split(';').shift(); }; //function setCookie () { var keyValue = getCookie ('UNI_GUI_SESSION_ID'); document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';Secure=true;SameSite=Strict'; keyValue = getCookie ('UNI_GUI_SESSION_ID'); document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';HttpOnly=true'; //};

Hi, I'm going to add a new way to protect cookies but I can't test it, if you can confirm my code is working I'd appreciate it add to MainForm.Script this: function getCookie(name) { const value = `; ${document.cookie}`; const parts = value.split(`; ${name}=`); if (parts.length === 2) return parts.pop().split(';').shift(); };//function setCookie () { var keyValue = getCookie ('UNI_GUI_SESSION_ID'); //alert (keyValue);//setCookie(key, keyValue, '-1'); document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';Secure=true;SameSite=Strict'; keyValue = getCookie ('UNI_GUI_SESSION_ID'); document.cookie = 'UNI_GUI_SESSION_ID=' + keyValue + ';HttpOnly=true'; //};

If someone already make it , please help. How do I block duplicate GET URL parameters? HTTP Parameter Pollution (HPP) : https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution Insecure direct object references (IDOR) : https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References

I work to secure my Stand Alone app. Now I am on HTTP Parameter Pollution (HPP) and Insecure direct object references (IDOR). I need to check and disable if there are some security issues with URL Parameters and POST Parameters. to succeed i need to block HTTP Parameter Pollution (HPP) : 1. On UniGUIServerModuleHTTPCommand, I check ARequestInfo.Params 2. On UniGUIMainModuleHandleRequest, I check TUniGUISession(ASession).ARequest.Params 3. On UniMainFormCreate, I check UniApplication.Parameters, but if it is possible to capture and check the POST parameters at these 3 points, that would be even better. If someone can help, please advise. More info about problems: https://www.imperva.com/learn/application-security/http-parameter-pollution/ https://www.imperva.com/learn/application-security/insecure-direct-object-reference-idor/ https://medium.com/@jetti.dinesh/insecure-direct-object-reference-idor-vulnerabilities-df551431eb7b https://portswigger.net/web-security/access-control/idor

Hello. I need to handle and check all parameters sent with POST request, need to check if is parameters (username and password) are with valid data before use it . Is there a something like ARequestInfo.Params on uniServerModule that I can use ? like this example: POST /users HTTP/1.1 Host: bookstore.com Content-Type: application/x-www-form-urlencoded Content-Length: length username=BookLover101&password=SecretPassword In this example, the first line, `POST /users HTTP/1.1` indicates a POST request. The `Host` is where the request is being sent. The `Content-Type` tells the server what data is being sent (in this case, form data), and `Content-Length` specifies how long the body data is.

this not work for me. http and stand alone app, but httponly cannot be changed, by this way

Hi, a new questions about this cookie 1. Is it possible to set HTTPOnly = True? 2. Is it possible to change name on the "UNI_GUI_SESSION_ID" cookie ? because: "Configuring a cookie with the HTTPOnly flag forces the web browser to have this cookie processed only by the server, and any attempt to access the cookie from client-based code or scripts is strictly forbidden. This protects against several type of attacks, including CSRF."

We are currently under an electromagnetic storm so this may stop communications for some services ! March 24, 2024 at 6:00 pm Eastern Time In an urgent communication dated March 24, 2024, the Space Weather Prediction Center (SWPC) announced a significant geomagnetic disturbance, marking a severe escalation in space weather conditions. https://www.swpc.noaa.gov/news/geomagnetic-storm-watches-issued-24-25-march-2024

1. I am sorry but this seems like an attack. Is all this server under one domain name ? 2. Are You using some proxies 3. We also use unigui servers and no such outages have occurred, in which country are your customers/suppliers?

Hi. I add here solution that maybe useful for someone: https://www.experts-exchange.com/questions/26933022/How-to-lock-out-a-file-or-path-from-within-a-Delphi-app.html question: How to lock out a file or path from within a Delphi app? proposal: try this; rename the folder you want to test to; from: New Folder1 to: New Folder1.{ED7BA470-8E54-465E-825C-99712043E01C} So, when your Delphi program rans?, it rename back to New Folder1 rename file code; lock folder; renamefile(New Folder1, New Folder1.{ED7BA470-8E54-465E-825C-99712043E01C}); and back unlock folder; renamefile(New Folder1.{ED7BA470-8E54-465E-825C-99712043E01C}, New Folder1 ); explanation: {ED7BA470-8E54-465E-825C-99712043E01C} is one of several special names that the Windows systems recognize and treat in different ways. For instance, the control panel 'folder' has a special icon and there are some things you are not allowed to do with the folder or its contents. I think this particular folder identification was introduced in Win7. Many writers have named it the "God" folder. more info: https://en.wikipedia.org/wiki/Windows_Master_Control_Panel_shortcut https://answers.microsoft.com/en-us/insider/forum/all/god-mode-other-windows-10-tips-tricks/9e81e023-9179-4b59-9937-f1e9aab537b4

thanks, but now this message is shown and again: does this code also apply to hidden TuniLabel ?

I just want to extend knowing about why is important to disabling SSL and old TLS version How to prevent and repair POODLE attacks and BEAST attacks Any server that supports SSL 3.0 and older versions of TLS is vulnerable to a POODLE attack. Modern versions of TLS are safe, and today's browsers block sites that use old versions of TLS (1.0, 1.1). A server configured to support only newer protocols (TLS 1.2, 1.3) prevents the possibility of a POODLE attack. This information is also for those who think that using https is quite enough to protect their web applications !

.

@Sherzod, did You can share with me Is it possible to protect (some how) my StandAlone application from Session Hijacking . I know methods like: using VPN, not using open Wifi, don't open suspicious emails, but there all is from User Side and I don't have control over it. I need some methods that I can apply on Server APP. 1. I have protection from XSS 2. I already use Session Restriction like srOnePerIP/srOnePerPC 3. I already use short time of SessionTimeout 4. I have https now I need: https://www.linkedin.com/advice/1/what-best-ways-prevent-session-hijacking#monitor-and-audit-sessions 1. to check User's data when session is opened and work with it! 2. Set SessionID Coockie = Secure and HTPPOnly Or You can just tell me: "We have Session Hijacking protections, You need to do this ......"

Yes, I know. 1. procedure TUniMainModule.UniGUIMainModuleCreate(Sender: TObject); begin mInnerSessionID := UniSession.RemoteIP; end; 2. When I use this on TUniServerModule.UniGUIServerModuleHTTPCommand begin sSessionID := ExtractSessionId(ARequestInfo.UnParsedParams); SessionManager.Sessions.Lock; for I := SessionManager.Sessions.SessionList.Count - 1 downto 0 do begin Try U := SessionManager.Sessions.SessionList[I]; // Check mainModule availability. Some sessions may not have a MainModule instance if (U.UniMainModule <> nil) then begin //Access custom MainModule variable if (U.SessionId = sSessionID) then begin TUniMainModule (U.UniMainModule).sInnerSessionID := ARequestInfo.RemoteIP; end; end; Except End; end; SessionManager.Sessions.Unlock; end; end; 3. procedure TUniMainModule.UniGUIMainModuleHandleRequest(ASession: TObject; var Handled: Boolean); begin if (mInnerSessionID <> sInnerSessionID ) then begin Handled := True; TUniGUISession(ASession).Terminate ('Session is closed'); end; end; then this work ! This is slowdown the server when I have more then 50 active session, so I search solution without using TUniServerModule.UniGUIServerModuleHTTPCommand

I try on Laptop Win 7 Chrome, it it's not work again. In my code (that I write above) is not change RemoteIP (using TUniGUISession(ASession).ARequest.RemoteIP) when I change network

Yes, I will try.