irigsoft

uniGUI Subscriber
  • Posts: 1368
  • Days Won: 22

Everything posted by irigsoft

  1. Hello, can anyone tell me how to use a variable in unimainmodule like TuniTreeView using property? Same as TStringList?
  2. Hello, can you explain why? For my needs I use this logic: I have a procedure in uniMainModule and one global variable in uniServerModule. The procedure will start running in an active session if the global variable is not True. After executing the procedure in the session, the variable is set to False so that another session can execute it.
  3. Thank you. Now I understand my problem.
  4. Hello, I tried it with mobile Google Chrome and it does not work. Did you test it this way? Professional 1524
  5. Hello, is it possible to get the selected cell on the client side?
  6. I made some protection code based on the plan:

     3 - using strong passwords (more than 10 symbols)
     4 - using hash of passwords

     on the TUniServerModule.UniGUIServerModuleHTTPCommand:

         UniServerModule.Lock;
         try
           // reload IP list
           if FileExists(ExtractFilePath(StartPath) + 'root\BlockedIPList.ini') then
             BlockedIPList.LoadFromFile(ExtractFilePath(StartPath) + 'root\BlockedIPList.ini');
         finally
           UniServerModule.UnLock;
         end;

         if BlockedIPList.Count > 0 then
         begin
           if BlockedIPList.IndexOf(ARequestInfo.RemoteIP) > -1 then
           begin
             AResponseInfo.ContentText := '<h1>Access denied</h1>';   // point 6
             Handled := True;
             AResponseInfo.CloseSession;
             goto ENDALL;   // label is not shown in the post
           end;
         end;

     on the login form BtnLogin.onClick:

         UniServerModule.Lock;
         try
           if FileExists(ExtractFilePath(UniServerModule.StartPath) + 'root\BlockedIPList.ini') then
             UniServerModule.BlockedIPList.LoadFromFile(ExtractFilePath(UniServerModule.StartPath) + 'root\BlockedIPList.ini');
         finally
           UniServerModule.UnLock;
         end;

         // block IP
         if uniMainModule.BruteForceTrys > 5 then   // point 1
         begin
           // block IP address
           UniServerModule.Lock;
           try
             UniServerModule.BlockedIPList.Add(UniSession.RemoteIP);
             UniServerModule.BlockedIPList.SaveToFile(ExtractFilePath(UniServerModule.StartPath) + 'root\BlockedIPList.ini');
           finally
             UniServerModule.UnLock;
           end;
           Sleep(100);
           UniSession.Terminate('<h1>Access denied</h1>');   // point 6
           Exit;
         end;

     UniGUIMainModuleCreate, reload blocked IP:

         UniServerModule.Lock;
         try
           if FileExists(ExtractFilePath(UniServerModule.StartPath) + 'root\BlockedIPList.ini') then
             UniServerModule.BlockedIPList.LoadFromFile(ExtractFilePath(UniServerModule.StartPath) + 'root\BlockedIPList.ini');
         finally
           UniServerModule.UnLock;
         end;

     I added some extras, such as a log for IPs which made 2 or more login errors (suspicious IP addresses).

     7 - after every next try, slow down answer from server - add some timers to make the next login attempt wait!
     8 - enable OneIpPerUser -

         ServerLimits.SessionRestrict := srOnePerPC;
         ServerLimits.SessionRestrict := srOnePerIP;
  7. Thank you. I check if there is a need for something extra when saving/loading local files, or if I am wrong. I found an error in my code.
  8. I am sorry, I didn't know that, I found uniQuery in some topics.
  9. Hello, I am trying to save/load BlockedIPList from a file when some IP was blocked. Maybe I am using this wrong:

     UniGUIMainModuleCreate:

         try
           UniServerModule.Lock;
           If FileExists (ExtractFilePath(unIServerModule.StartPath) + 'myroot\BlockedIPList.ini') then
             unIServerModule.BlockedIPList.LoadFromFile (ExtractFilePath(unIServerModule.StartPath) + 'myroot\BlockedIPList.ini');
         finally
           UniServerModule.UnLock;
         end;

     in UniGUIServerModuleHTTPCommand:

         If FileExists (ExtractFilePath(StartPath) + 'myroot\BlockedIPList.ini') then
           BlockedIPList.LoadFromFile (ExtractFilePath(StartPath) + 'myroot\BlockedIPList.ini');

     in a separate procedure blockIP:

         try
           //UniServerModule.Lock;
           UniServerModule.BlockedIPList.Add (UniSession.RemoteIP);
           UniServerModule.BlockedIPList.SaveToFile (ExtractFilePath(UniServerModule.StartPath) + 'myroot\BlockedIPList.ini');
           //if UniServerModule.WhiteIPList.IndexOf (UniSession.RemoteIP) > 0 then begin
           //  UniServerModule.WhiteIPList.Delete (UniServerModule.WhiteIPList.IndexOf (UniSession.RemoteIP));
           //end;
         finally
           //UniServerModule.UnLock;
         end;
         UniSession.Terminate ('blocked');

     After save/load in one session, I get an Access Violation (or Out of Memory) for the others.
  10. You mentioned before that: In my case I use TAdoConnection for the connection with the database, TAdoQuery to execute queries and DBGrid to show results. I am using point 1: On some web forums I found this: To reduce memory usage, for some queries it is good to use TAdoCommand (queries without showing results to the user). In the case of uniGUI you can try TuniQuery.
  11. Okay, I understand what you mean. I use AdoQuery in my practice.
  12. Hello, if I can help with a suggestion. In one of my cases I have to create a unique identifier for each user (session). I use this identifier in several tables. So, if you can create a unique ID for every user (and session), then this will be helpful for creating temporary table names. The combination of sessionID, IP addresses, date and time and some UserID or TerminalID can help you add names like: mytemptable125236 - where 125236 is the unique ID for this session. Saving the unique ID for a session in cookies is useful. You should know, I don't use Append, Edit, Post and so on. I work only with queries (INSERT, UPDATE, DELETE); this helps me to use AdoCommand to reduce memory use. I don't know if this is best practice but I use it in my work.
  13. Hello, is it possible to record in the log file all actions from one session? In this scenario: a suspicious IP address starts a new session and makes some attempts (gives commands, etc.). When the system detects a session from this IP, I want it to keep all the actions and attempts it has made. So, is it possible to log one exact session in the log file? Something like uniServerModule.Options.soAllowSessionRecording, but for one session from a list.
  14. I read about this kind of attack (I am not a security expert) and there are some problems with protection from it:

      - if the attacker uses multiple IP addresses with bots! (GPU PCs from different IPs - this will enable more than 3000 tries per second from one IP address) - more like a DDoS attack (use p.1,2,5,7)
      - if the attacker uses the same user and different passwords on different sessions! (use p.2,3,4,5)
      - if the attacker uses different users and different passwords on different sessions! (use p.1,6,7)
      - if the attacker knows one correct user and password (inner brute force attack)! (protection is useless) - You must change all passwords and accounts! Maybe you must change the login strategy. To catch this you must have some analytics methods.

      There are standard techniques to slow down the attacker:

      1 - after some tries to log in (brute force attack) - log IP in BlockIPLIst. Block IP of attacker
      2 - using reCaptcha - prevents bots (some reCaptcha is useless!)
      3 - using strong passwords (more than 10 symbols) - slow down GPU calculations
      4 - using hash of passwords - slow down GPU calculations
      5 - disable user account - attacker must change user name
      6 - using same error message for different login errors - prevents catching the user name
      7 - after every next try, slow down answer from server - this will slow down GPU calculations
      8 - enable OneIpPerUser - this will block many sessions from one PC

      from here: https://portswigger.net/web-security/authentication/password-based

      "For example, you might sometimes find that your IP is blocked if you fail to log in too many times. In some implementations, the counter for the number of failed attempts resets if the IP owner logs in successfully. This means an attacker would simply have to log in to their own account every few attempts to prevent this limit from ever being reached. In this case, merely including your own login credentials at regular intervals throughout the wordlist is enough to render this defense virtually useless."
  15. Do you use a hash algorithm for passwords? Do you know that all passwords are visible as plaintext in the Google Console? Did you protect them from the Google Console? Did you try these methods?: https://auth0.com/docs/attack-protection/brute-force-protection

      Good explanation of methods: https://portswigger.net/web-security/authentication/password-based

      Brute-Force Protection

      Brute-force protection, which safeguards against brute-force attacks that occur from a single IP address and target a single user account, is enabled by default for all connections. When triggered, brute-force protection will:

      - after some tries to log in (brute force attack) - log IP in BlockIPLIst
      - Send an email to the affected user.
      - Block the suspicious IP address for the user.

      If brute-force protection is triggered, it will only be removed when:

      - The affected user clicks on the unblock link in the email notification (if configured).
      - The affected user changes their password (on all linked accounts).
      - An administrator removes the block.

      A good method is also to show the user a reCAPTCHA after the first attempt. Creating and applying the methods used by Kaspersky is a good start: https://www.kaspersky.com/resource-center/definitions/brute-force-attack
  16. Hello everyone, there is a new security challenge here! The plan:

      There are standard techniques to slow down the attacker:

      1 - after some tries to log in (brute force attack) - log IP in BlockIPLIst. Block IP of attacker
      2 - using reCaptcha - prevents bots (some reCaptcha is useless!)
      3 - using strong passwords (more than 10 symbols) - slow down GPU calculations
      4 - using hash of passwords - slow down GPU calculations
      5 - disable user account - attacker must change user name
      6 - using same error message for different login errors - prevents catching the user name
      7 - after every next try, slow down answer from server - this will slow down GPU calculations
      8 - enable OneIpPerUser - this will block many sessions from one PC

      I made some protection code based on the plan:

      3 - using strong passwords (more than 10 symbols)
      4 - using hash of passwords

      on the TUniServerModule.UniGUIServerModuleHTTPCommand:

          UniServerModule.Lock;
          try
            // reload IP list
            if FileExists(ExtractFilePath(StartPath) + 'root\BldIPList.config') then
              BlockedIPList.LoadFromFile(ExtractFilePath(StartPath) + 'root\BldIPList.config');
          finally
            UniServerModule.UnLock;
          end;

          if BlockedIPList.Count > 0 then
          begin
            if BlockedIPList.IndexOf(ARequestInfo.RemoteIP) > -1 then
            begin
              AResponseInfo.ContentText := '<h1>Access denied</h1>';   // point 6
              Handled := True;
              AResponseInfo.CloseSession;
              goto ENDALL;   // label is not shown in the post
            end;
          end;

      on the login form BtnLogin.onClick:

          UniServerModule.Lock;
          try
            if FileExists(ExtractFilePath(UniServerModule.StartPath) + 'root\BldIPList.config') then
              UniServerModule.BlockedIPList.LoadFromFile(ExtractFilePath(UniServerModule.StartPath) + 'root\BldIPList.config');
          finally
            UniServerModule.UnLock;
          end;

          // block IP
          if uniMainModule.BruteForceTrys > 5 then   // point 1
          begin
            // block IP address
            UniServerModule.Lock;
            try
              UniServerModule.BlockedIPList.Add(UniSession.RemoteIP);
              UniServerModule.BlockedIPList.SaveToFile(ExtractFilePath(UniServerModule.StartPath) + 'root\BldIPList.config');
            finally
              UniServerModule.UnLock;
            end;
            Sleep(100);
            UniSession.Terminate('<h1>Access denied</h1>');   // point 6
            Exit;
          end;

      UniGUIMainModuleCreate, reload blocked IP:

          UniServerModule.Lock;
          try
            if FileExists(ExtractFilePath(UniServerModule.StartPath) + 'root\BldIPList.config') then
              UniServerModule.BlockedIPList.LoadFromFile(ExtractFilePath(UniServerModule.StartPath) + 'root\BldIPList.config');
          finally
            UniServerModule.UnLock;
          end;

      I added some extras, such as a log for IPs which made 2 or more login errors (suspicious IP addresses).

      7 - after every next try, slow down answer from server - add some timers to make the next login attempt wait!
      8 - enable OneIpPerUser -

          ServerLimits.SessionRestrict := srOnePerPC;
          ServerLimits.SessionRestrict := srOnePerIP;
  17. Hello, try this: if lbOrgans.Selected [i] = True then begin end;
  18. Hello, I use HTML in SQL query like this:

          SELECT (
              '<H3>' + Products."Name" + '</H3>'
              + CASE
                  WHEN CONVERT (varchar (250), STUFF (
                         (SELECT CHAR (10) + '|||' + REPLACE (ParamName,'-','') + CHAR (10) + ParamValue
                          FROM SomeDataArt
                          WHERE SomeDataArt."ID_Art"=Products."ID"
                          FOR XML Path ('')),1,1,'')) <> ''
                  THEN '<h4>' + REPLACE (CONVERT (varchar (250), STUFF (
                         (SELECT CHAR (10) + '|||' + REPLACE (ParamName,'-','') + CHAR (10) + ParamValue
                          FROM SomeDataArt
                          WHERE SomeDataArt."ID_Art"=Products."ID"
                          FOR XML Path ('')),1,1,'')) ,'|||','</br>') + '</h4>'
                  ELSE ''
                END
              + '<ul><ul><h4 align="right">Price: ' + CAST (ROUND (Products."Price",2) as varchar (20)) + ', ' + lower (Products."Vl_P") + '</h4></ul></ul>'
          ) as ProductName
          FROM MyTable

      So, all useful HTML can be implemented in SQL
  19. Hello, you must set uniMainModule -> RecallLastTheme = True. This will reload the selected theme!
  20. Yes, I created a mutex and it works for me, but are there any features integrated into uniApplication?
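
Added example (not code from these posts or from uniGUI): the counting logic behind points 1, 5 and 7 of the plan in posts 14 and 16, written as language-neutral logic in Python rather than Delphi, including the PortSwigger caveat quoted in post 14 about a successful login resetting the IP counter. The class name, the limits, the delay curve and the sample IP and account names are assumptions made for illustration.

```python
import time

class LoginThrottle:
    """Failure counters per IP and per account (constructed example)."""
    def __init__(self, ip_limit=5, user_limit=5, window=900.0, clock=time.monotonic):
        self.ip_limit, self.user_limit = ip_limit, user_limit
        self.window, self.clock = window, clock
        self.ip_fails, self.user_fails = {}, {}   # key -> list of failure times

    def _recent(self, table, key):
        # Keep only failures inside the window; forget keys with none left.
        cutoff = self.clock() - self.window
        kept = [t for t in table.get(key, ()) if t > cutoff]
        table.pop(key, None)
        if kept:
            table[key] = kept
        return len(kept)

    def check(self, ip, user):
        """Call before verifying the password; returns (allowed, delay_seconds)."""
        n_ip = self._recent(self.ip_fails, ip)
        n_user = self._recent(self.user_fails, user)
        if n_ip >= self.ip_limit or n_user >= self.user_limit:
            return False, 0.0                    # points 1 and 5: refuse outright
        return True, min(2.0 ** max(n_ip, n_user) - 1.0, 30.0)   # point 7

    def record(self, ip, user, success):
        if success:
            # Clear the account counter only. The IP counter stays, so logging
            # in to the attacker's own account does not reset the IP limit.
            self.user_fails.pop(user, None)
            return
        now = self.clock()
        self.ip_fails.setdefault(ip, []).append(now)
        self.user_fails.setdefault(user, []).append(now)

def simulate_interleaved_logins(guesses=20):
    """Constructed run: one IP guesses 'victim', logging in as 'mallory' between guesses."""
    now, ip, tried = [0.0], "203.0.113.7", 0
    throttle = LoginThrottle(ip_limit=5, user_limit=10, clock=lambda: now[0])
    for i in range(guesses):
        now[0] += 1.0
        if not throttle.check(ip, "victim")[0]:
            break
        throttle.record(ip, "victim", success=False)
        tried += 1
        if i % 2 == 1:
            throttle.record(ip, "mallory", success=True)   # own valid account
    return tried   # guesses accepted before the IP was refused
```

Because the reset is tied to the account and not to the IP, the constructed run is refused after five guesses even though a valid login repeats between them.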