
It is time for a new mORMot release!
2024-10-16
2024-10-16. Open Source › mORMot Framework
It is time for a new mORMot release!
2024-10-12
2024-10-12. Open Source › mORMot Framework
Since decades, Delphi has user groups everywhere, from Australia to Austria, from Russia to California.
I will join the DAPUG (Database Application Programmers Users Group), which is the Danish Delphi user Group, in the next weeks, for two exciting days of Workshop.
2024-09-06
2024-09-06. Open Source › mORMot Framework
OpenAPI, which was formerly called Swagger, is a set of specifications to encode the server API endpoints definitions into text, mostly JSON.
From this reference text, you can generate client code to access the service, in a vast number of languages.
Delphi seems to be far behind other languages, in terms of this code generation. I found nothing even working for FPC.
Since we needed it for our internal tools at Tranquil IT, we just published the new mormot.net.openapi.pas Open Source unit, which is quite a game changer. Thanks Andreas for starting this project, and testing it in its early age!
2019-10-30
2019-10-30. Open Source › mORMot Framework
I just finished my workshop at EKON 23.
Like every year, it was a great event to attempt to, and I enjoyed presenting 2
sessions and 1 workshop.
Sessions were about "Kingdom Driven Design" (KDD), which is the
name I used to define a cut-down version of "Domain Driven Design" (DDD).
Less paranoid, a bit less isolation, but perhaps more common sense for the less
sensitive projects.
Some presentations and code are now available!
2019-10-17
2019-10-17. Open Source › mORMot Framework
I just found some very nice articles by Stephan Bester about first steps to mORMot's ORM and SOA.
Don't be scared by the mORMot: it is more stressed than you
are.
This painful picture just
won a wildlife photographer prize... poor little rodent!
2019-09-21
2019-09-21. Open Source › mORMot Framework
A long-awaited feature was the ability to create stand-alone mORMot Win64 applications via Delphi, with no external sqlite3-64.dll required.
It is now available, with proper integration, and encryption is working!
2018-11-12
2018-11-12. Pascal Programming
I've uploaded two sets of slides from my presentations at EKON 22 : Object Pascal Clean Code Guidelines Proposal High Performance Object Pascal Code on Servers with the associated source code The WorkShop about "Getting REST with mORMot" has a corresponding new Samples folder in our […]
2016-10-18
2016-10-18. Open Source › mORMot Framework
In order to follow best practice, our .private
key files are
always protected by a password. A random value with enough length and
entropy is always proposed by the ECC
tool when a key pair is
generated, and could be used directly.
It is always preferred to trust a computer to create true randomness (and
SynCrypto.pas
's secure TAESPRNG
was designed to be
the best possible seed, using hardware entropy if available), than using our
human brain, which could be defeated by dictionary-based password
attacks.
Brute force cracking would be almost impossible, since
PBKDF2_HMAC_SHA256
Password-Based Key Derivation Function with
60,000 rounds is used, so rainbow tables (i.e. pre-computed passwords list)
will be inoperative, and each password trial would take more time than with a
regular Key Derivation Function.
The issue with strong passwords is that they are difficult to remember. If
you use not pure random passwords, but some easier to remember values with good
entropy, you may try some tools like https://xkpasswd.net/s which returns values like
$$19*wrong*DRIVE*read*61$$
.
But even then, you will be able to remember only a dozen of such passwords. In
a typical public key infrastructure, you may create hundredths of keys, so
remembering all passwords is no option for an average human being as (you and)
me.
At the end, you end up with using a tool to store all your passwords (last
trend is to use an online service with browser integration), or - admit it -
store them in an Excel
document protected by a password. Most IT
people - and even security specialists - end with using such a mean of storage,
just because they need it.
The weaknesses of such solutions can be listed:
The ECC
tool is able to work in "cheat mode", storing all
.private
key files generated passwords in an associated
.cheat
local file, encrypted using a cheat.public
key.
As a result:
.cheat
file, so you
only unleash one key at a time;.cheat
file content is meaningless without the
cheat.private
key and its master password, so you can manage and
store them together with your .private
files;cheat.public
key is needed when creating a key pair,
so you won't leak your master password, and even could generate keys in an
automated way, on a distant server;cheat.private
key will be safely stored in a separated
place, only needed when you need to recover a password;2016-09-24
2016-09-24. Open Source › mORMot Framework
After weeks of implementation and testing, we introduce today a new feature of our mORMot Open-Source Framework.
Asymmetric encryption, also known as public-key cryptography, uses pairs of keys:
The framework
SynEcc unit features a full asymmetric encryption system, based on
Elliptic curve
cryptography (ECC), which may be used at application level (i.e. to
protect your application data, by signing or encrypting it), or at transmission
level (to enhance communication safety).
A full set of high-level features, including certificates and command line
tool, offers a stand-alone but complete public-key
infrastructure (PKI).
2016-04-22
2016-04-22. Open Source
You should have noticed that Delphi 10.1 Berlin has been released. Our Open Source projects, including mORMot and SynPDF and their associated documentation have been updated to support this new revision. Any additional feedback is welcome, as usual!
2015-12-11
2015-12-11. Open Source › mORMot Framework
We have seen previously how the ORM part of the framework is able to provide
an Audit
Trail for change tracking.
It is a very convenient way of storing the change of state of the data.
On the other side, in any modern SOA solution, data is not at the center any
more, but services.
Sometimes, the data is not stored within your server, but in a third-party
Service-Oriented Architecture (SOA).
Being able to monitor the service execution of the whole system becomes sooner
or later mandatory.
Our framework allows to create an Audit Trail of any incoming or outgoing service operation, in a secure, efficient and automated way.
2015-11-17
2015-11-17. Open Source › mORMot Framework
If you compare with existing client/server SOA solutions (in Delphi, Java,
C# or even in Go or other frameworks), mORMot's
interface
-based
callback mechanism sounds pretty unique and easy to work with.
Most Events Oriented solutions do use a set of dedicated
messages to propagate the events, with a centralized Message
Bus (like MSMQ or
JMS), or a
P2P/decentralized approach (see e.g. ZeroMQ or NanoMsg). In practice, you are expected to
define one class
per message, the class
fields being
the message values. You would define e.g. one class
to notify a
successful process, and another class
to notify an error. SOA
services would eventually tend to be defined by a huge number of individual
classes, with the temptation of re-using existing classes in several
contexts.
Our interface
-based approach allows to gather all events:
interface
type per notification, i.e.
probably per service operation;Since asynchronous notifications are needed most of the time, method
parameters would be one-way, i.e. defined only
as const
- in such case, an evolved algorithm would
transparently gather those outgoing messages, to enhance scalability when
processing such asynchronous events. Blocking request may also be defined
as var/out
, as we will see below, inWorkflow
adaptation.
Behind the scene, the framework would still transmit raw messages over IP
sockets (currently over a
WebSockets connection), like other systems, but events notification would
benefit from using interfaces, on both server and client sides.
We will now see how...
2015-07-14
2015-07-14. Open Source › mORMot Framework
An enthusiastic mORMot user, named willo in the forum, just started a blog about his experiments with our framework.
The information there is clear, simple, and right to the point.
If you are a little lost in our huge documentation, it is a good place to
start!
2015-06-16
2015-06-16. Open Source › mORMot Framework
One common problem when handling dates and times, is that time is shown and entered as local, whereas the computer should better use non-geographic information - especially on a Client-Server architecture, where both ends may not be on the same physical region.
A time zone is a region that observes a uniform standard time for
legal, commercial, and social purposes.
Time zones tend to follow the boundaries of countries and their subdivisions
because it is convenient for areas in close commercial or other communication
to keep the same time.
Most of the time zones on land are offset from Coordinated Universal
Time (UTC) by a whole number of hours, or minutes.
Even worse, some countries use daylight saving time for part of the year,
typically by changing clocks by an hour, twice every year.
The main rule is that any date and time stored should be stored in
UTC, or with an explicit Zone identifier (i.e. an explicit offset to
the UTC value).
Our framework expects this behavior: every date/time value stored and handled
by the ORM, SOA, or any other part of it, is expected to be UTC-encoded.
At presentation layer (e.g. the User Interface), conversion to/from local times
should take place, so that the end-user is provided with friendly clock-wall
compatible timing.
As you may guess, handling time zones is a complex task, which should be
managed by the Operating System itself.
Since this cultural material is constantly involving, it is updated as part of
the OS.
In practice, current local time could be converted from UTC from the current system-wide time zone. One of the only parameters you have to set when installing an Operating System is to pickup the keyboard layout... and the current time zone to be used. But in a client-server environment, you may have to manage several time zones on the server side: so you can't rely on this global setting.
One sad - but predictable - news is that there is no common way of encoding
time zone information.
Under Windows, the registry contains a list of time zones, and the
associated time bias data. Most POSIX systems (including Linux and Mac
OSX) do rely on the IANA database, also called tzdata
- you may
have noticed that this particular package is often updated with your
system.
Both zone identifiers do not map, so our framework needed something to be
shared on all systems.
2015-06-01
2015-06-01. Open Source › mORMot Framework
One year ago, we published a set of slides about the main concepts implemented by our framework. Mainly about ORM (and ODM), NoSQL, JSON, SOA, MVC (and MVVM), SOLID, DDD, CQRS and some patterns like Stubs, Mocks, Factory, Repository, Unit-Of-Work. Worth a look, if you want to find out the benefits […]
2015-05-18
2015-05-18. Open Source › mORMot Framework
We introduced DDD concepts some time ago, in a series of articles in this blog. At that time, we proposed a simple way of using mORMot types to implement DDD in your applications. But all Domain Entitities being tied to the framework TSQLRecord class did appear as a limitation, breaking the […]
2015-05-03
2015-05-03. Pascal Programming
I've just updated the documentation part about the SOLID Design
Principles.
The former blog article
(almost 4 years old!) sounds like a bit deprecated now...
This is why I would extract here an updated version of this material.
Ensure you checked the corresponding part of the mORMot documentation, which is the updated reference, and probably the easiest to read - including links to all the other documentation.
The acronym SOLID is derived from the following OOP principles (quoted from the corresponding Wikipedia article):
If you have some programming skills, those principles are general statements you may already found out by yourself. If you start doing serious object-oriented coding, those principles are best-practice guidelines you would gain following.
They certainly help to fight the three main code weaknesses:
2015-04-12
2015-04-12. Open Source › mORMot Framework
Usually, in Delphi application (like in most high-level languages), errors
are handled via exceptions. By default, any Exception
raised on the server side, within an interface
-based service
method, will be intercepted, and transmitted as an error to the client side,
then a safe but somewhat obfuscated EInterfaceFactoryException
will be raised on the client side, containing additional information serialized
as JSON.
You may wonder why exceptions are not transmitted and raised directly on the client side, with our mORMot framework interface-based services, as if they were executed locally.
We will now detail some arguments, and patterns to be followed.
2015-04-06
2015-04-06. Open Source › mORMot Framework
When publishing SOA services, most of them are defined as
stateless, in a typical query/answer pattern - see
Service-Oriented Architecture (SOA).
This fits exactly with the RESTful approach of Client-Server
services via interfaces, as proposed by the framework.
But it may happen that a client application (or service) needs to know the state of a given service. In a pure stateless implementation, it will have to query the server for any state change, i.e. for any pending notification - this is called polling.
Polling may take place for instance:
It may therefore sounds preferred, and in some case necessary, to have the ability to let the server notify one or several clients without any prior query, nor having the requirement of a client-side timer:
Our mORMot framework is therefore able to easily implement
asynchronous callbacks over WebSockets,
defining the callbacks as interface
parameters in service method
definitions - see
Available types for methods parameters.
2015-04-06. Open Source › mORMot Framework
In a previous
article, we presented how Master/Slave replication may be easily
implemented in mORMot's RESTful ORM.
Do not forget to
visit the corresponding paragraphs of our online documentation, which has
been updated, and is more accurate!
Sometimes, the on-demand synchronization is not enough.
So we have just introduced real-time replication via WebSockets.
For instance, you may need to:
TTimer
is not an option;In this case, the framework is able to use WebSockets and
asynchronous callbacks to let the master/slave replication - see
Asynchronous callbacks - take place without the need to ask explicitly
for pending data.
You would need to use
TSQLRestServer.RecordVersionSynchronizeMasterStart
,
TSQLRestServer.RecordVersionSynchronizeSlaveStart
and
TSQLRestServer.RecordVersionSynchronizeSlaveStop
methods over the
proper kind of bidirectional connection.
« previous entries - page 1 of 5