Everything posted by irigsoft

  1. Does anyone know how to apply this: The following JavaScript security best practices can reduce this risk.
       • Avoid eval(): Don’t utilize this command in code, since it simply executes passed argument if it is a JavaScript expression. This means if the hacker succeeds in manipulating input value, he or she will be able to run any script she wants. Instead, opt for alternative options that are more secure.
       • Set secure cookies: To ensure SSL/HTTPS is in use, set your cookies as “secure,” which limits the use of your application’s cookies to only secure web pages.
       • Set API access keys: Assign individual tokens for each end user. If these tokens don’t match up, access can be denied or revoked.
       • Use safe methods of DOM manipulation: Methods such as innerHTML are powerful and potentially dangerous, as they don’t limit or escape/encode the values that are passed to them. Using a method like innerText instead provides inherent escaping of potentially hazardous content. This is particularly useful in preventing DOM-based XSS attacks.
  2. I completely agree, and the file is very useful for anyone who wants to test their application for attacks. Of course, it is best to leave this in the hands of professionals in this field, but we can test some problems. It even impresses me that a specific version of uniGUI has been tested; is there already a breakthrough in this version and in the next ones? Since so far I have not been able to find a correct way to block JavaScript injections, I decided to ask if you have found one, and do you have any idea what could be extracted as information through it?
  3. I didn't see anything saved from JavaScript injection attacks. Are you sure that it was not made? If it was made, what may be stolen: some cookie, HTML script or something else? Do you analyze that?
  4. Hello, thanks for sharing. How do you know that uniGUI was blocking all requests? Do you have some info in the log file, like "/script" was blocked, or something else to be sure how it worked under attack?
  5. Hello, TUniServerModule.UniGUIServerModuleHTTPCommand is the best way to catch all data events before the session's parameters are created. If a session is created, many parameters are created too, like cookies and so on. But when the client makes a call to the server, there is a data exchange before full session creation (all session parameters). For my purposes I use this TUniServerModule.UniGUIServerModuleHTTPCommand even for events before the session is fully created and all its parameters. Other functions are: TUniServerModule.UniGUIServerModuleHTTPCommand, TUniServerModule.UniGUIServerModuleHTTPDocument. Try it.
  6. For me this indicates a problem with the headers in the mail or a problem with the SSL DLL.
  7. Hello, have you checked the port settings in your remote area? Often the standard port is not open and needs to be configured. I put my standalone application in the remote area and launched it. Locally it works fine, but remotely the uniGUI port must be set in the rules of the VPS firewall. You may not have set this up: Gmail port in VPS firewall policy.
  8. I think it is not needed. Maybe there is a problem with the server settings. Maybe it is a problem with UnLoadOpenSSLLibrary. I think it is not loading the SSL libraries; try to copy the 32-bit SSL libraries to Sys64 in the system directories.
  9. I can't help with a direct solution, but I think it's better to check your CSS custom files and try to change the skin. Have you tried without custom css and standard skin, does this problem reappear?
  10. Hello, I made this with uniDBGrid. I don't know if this is the best way, but for me it's a working way.
  11. Try to clear: 1. browser cache 2. all custom CSS 3. all custom meta
  12. I am sorry, this is an old post, but I think you can use it with JavaScript execution from a file. There is a JavaScript execution function.

          procedure JAVASCRIPT_EXEC (Sender: TObject; fType, Data, DataObjectsList : AnsiString);
          var
            I : Integer;
            DataList : TStringList;
            sObject : TObject;
          begin
            // Configure the screen mask on the calling control, if there is one
            if (Sender <> nil) then begin
              TRY
                With TUniControl (Sender) do begin
                  ScreenMask.Message := 'please, wait...';
                  ScreenMask.WaitData := False;//True;
                  ScreenMask.Enabled := False;//True;
                end;
              EXCEPT
              END;
            end;

            // Data holds a file name: load the script text from that file
            IF (Length (Data) > 1) then begin
              DataList := TStringList.Create;
              DataList.StrictDelimiter := True;
              DataList.Delimiter := ';';
              DataList.LoadFromFile (Data);
              Data := TRIM (DataList.Text);
              DataList.Clear;
              If Assigned(DataList) then FreeandNil (DataList);
            end;

            //TUnibutton (Sender).ClientEvents.ExtEvents.Values ['click'] := 'function click(sender, e, eOpts){' + Data + '}';
            //UniSession.JSCode (Data);
            // Send the loaded script to the client session
            UniSession.AddJs (Data);
            //UniSession.JSONDirect (Data);
          end;
  13. I made my own function for OnKeyUp, so when you create a form, all the elements are created dynamically. When I create TuniEdit, I set MyEditComponent.OnKeyUp := MyKeyUpFunction; this was done by the server as VCL. Have you tried anything like this?
  14. If You want to use parameters:

          with Adoquery1.Parameters do begin
            Clear;
            AddParameter.Name := 'MyDatePar';
            ParamValues ['MyDatePar'] := FormatDateTime ('dd.MM.yyyy HH:mm:ss',Now,MySettings);
          end;
  15. If I understand you correctly, this is my function:

          Adoquery1.SQL.Add ('SET DATEFORMAT dmy;'
            + ' SELECT * FROM MyTableData'
            + ' WHERE MyDateField = ''' + FormatDateTime ('dd.MM.yyyy HH:mm:ss',Now,MySettings) + ''''
            );
          Adoquery1.Open;

      where MySettings is extremely important, this:

          GetLocaleFormatSettings(GetUserDefaultLCID, MySettings); //SysUtils
          MySettings.DateSeparator := '.';
          MySettings.TimeSeparator := ':';
          MySettings.DecimalSeparator := '.';
          MySettings.LongTimeFormat := 'HH:mm:ss';
          MySettings.ShortDateFormat := 'dd-MM-yyyy';
          MySettings.ShortTimeFormat := 'HH:mm';

      Correct all local settings for the application.
  16. I use in MS SQL.
      https://docs.microsoft.com/en-us/sql/t-sql/statements/set-dateformat-transact-sql?view=sql-server-ver15
      https://stackoverflow.com/questions/6054794/how-to-change-default-systemdate-from-ymd-to-dmy

          Adoquery1.SQL.Add ('SET DATEFORMAT dmy;'
            + ' SELECT * FROM MyTableData'
            + ' WHERE YourCriteria'
            );
          Adoquery1.Open;
  17. In my queries I use a declaration of the date format. Use MSSQL and the query starts with: SET DATEFORMAT dmy;
  18. Or try to use this:

          uses SysUtils;

          var
            MySettings: TFormatSettings;

          procedure TUniServerModule.UniGUIServerModuleBeforeInit(Sender: TObject);
          begin
            //http://www.delphibasics.co.uk/RTL.asp?Name=GetLocaleFormatSettings
            GetLocaleFormatSettings(GetUserDefaultLCID, MySettings); //SysUtils
            MySettings.DateSeparator := '.';
            MySettings.TimeSeparator := ':';
            MySettings.DecimalSeparator := '.';
            MySettings.LongTimeFormat := 'HH:mm:ss';
            MySettings.ShortDateFormat := 'dd-MM-yyyy';
            MySettings.ShortTimeFormat := 'HH:mm';
            //set local settings to application
          end;

      In a procedure you can use FormatDateTime ('dd-MM-yyyy HH:mm:ss',Now,MySettings);
  19. Hello, as what user does IIS start? Windows user or Administrator?
  20. I want to block the user from receiving the file, or a login form should appear if you just click (paste) the link, but it doesn't happen.
  21. There is something strange: I try to open the link via QR code and error 405 occurs (Samsung Browser and mobile Google Chrome), but in every try to open by clicking on the link no problem occurs in Google Chrome.
  22. Try this: just click on the link: if so, now clear the browser cache and try https://axfite.com.au/images/AxfiteEditorial.pdf: no problem to open the file. Copy the link "https://axfite.com.au/images/AxfiteEditorial.pdf" and paste it to a new browser tab: error 405 occurs. Without clearing the browser cache.
  23. If I click on the link, no problem to open the file in Google Chrome. If I copy the link and paste it to a new tab in Chrome, I get error 405.
  24. I can't understand how it works. One time the file is opened from the URL without opening the domain. Another time the domain is opened, and error 405 occurs from the link to the file. Another link opens the file with no problems. Before every try I clear the browser's cache.
  25. Yes, now in Microsoft Edge: the domain is opened, the file is blocked. Now, the same in Google Chrome: the domain is opened, the file is blocked. No cache clearing. One tab for the domain, another with the link to the file. Now the file is opened again with Google Chrome.