2012-09-06

Roadmap: interface-based callbacks for Event Collaboration

On the mORMot roadmap, we added a new upcoming feature, to implement one-way callbacks from the server.
That is, add transparent "push" mode to our Service Oriented Architecture framework.

Aim is to implement notification events triggered from the server side, very easily from Delphi code, even over a single HTTP connection - for instance, WCF does not allow this: it will need a dual binding, so will need to open a firewall port and such.

It will be the ground of an Event Collaboration stack included within mORMot, in a KISS way.
Event Collaboration is really a very interesting pattern, and even if not all your application domain should be written using it, some part may definitively benefit from it.
The publish / subscribe pattern provides greater network scalability and a more dynamic SOA implementation: for instance, you can add listeners to your main system events (even third-party developed), without touching your main server.
Or it could be the root of the Event Sourcing part of your business domain: since callbacks can also be executed on the server side (without communication), they can be used to easily add nice features like: complete rebuild, data consolidation (and CQRS), temporal query, event replay, logging, audit, backup, replication.

Continue reading

2012-09-03

Client-Server allowed back to XE3 pro

The attempt to restrict the XE3 professional license did evolve into an amazing discussion in Embarcadero forums, and Delphi-related blogs. David I announced the (reverted) EULA for Delphi Pro. Remote database access is again possible, with terms similar to Delphi Xe2. You can check the Software  […]

Continue reading

2012-08-28

"Trop c'est trop" - No Client-Server for XE3 PRO users

Here is some unbelievable news retrieved from "Te Waka o Delphi" blog:

From XE3 onwards, your Delphi Professional EULA will prohibit you from using Delphi Professional for anything other than local data access.
If you want to build client/server database applications using Delphi Professional, you will be required to purchase a “Client/Server Add-On” pack.

This goes beyond the fact that you do not get (or can otherwise use or install) client/server drivers for the DBExpress or other “built in” data access frameworks, but extends even to 3rd party data access technologies.
That is, whatever you may be able to do or achieve – technically – using some 3rd party component or library with you Delphi Professional compiler, you cannot legally create a client/server application.
Never mind any 3rd party components or libraries, this same prohibition will apply even if you are using naked, unadorned Microsoft ADO.

Damn show-stopper for me.
Embarcadero is killing Delphi.

Our very own mORMot Open-Source framework is fully Client-Server oriented, and allow creating scalable Client-Server applications even with an Oracle DB system back-end, even with XE2 starter edition (direct access, without any DB.pas / DBExpress layer).

Continue reading

2012-04-20

WCF, mORMot and Event Sourcing

Our latest mORMot feature is interface-based service implementation.

How does it compare with the reference of SOA implementation (at least in the Windows world) - aka WCF?

"Comparaison n'est pas raison", as we use to say in France.
But we will also speak about Event Sourcing, and why it is now on our official road map.
Comparing our implementation with WCF is the opportunity to make our framework always better.

Continue reading

2012-04-19

Smart: mORMot, from Delphi to JavaScript

Did you hear from the great Smart project?

It is an IDE and some source runtime able to develop and compile an Object-Pascal project into a HTML 5 / CSS 3 / JavaScript embedded application.
It does target AJAX Mobile application creation (i.e. Android and iPhone/iPad apps running Web-Kit).
You'll get an unique .html file containing the whole client-side application: it won't need any server side implementation. Using a third-party tool like PhoneGap, you'd be able to supply your customers with true native applications, running without any network, and accessing the full power of any modern Smart Phone.

Smart is a great candidate for implementing rich client-side AJAX applications, to work with our client-server mORMot framework.

In order to interface Smart code with mORMot, we started implementing some low-level code to work with our RESTful authentication scheme.

So we'll need to implement some Smart dedicated Open Source code implementing crc32 and SHA-256 hashing.

Continue reading

2011-12-30

Hash collision attack

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.

The issue finds particular exposure in web server applications and/or frameworks. In particular, the lack of sufficient limits for the number of parameters in POST requests in conjunction with the predictable collision properties in the hashing functions of the underlying languages can render web applications vulnerable to the DoS condition. The attacker, using specially crafted HTTP requests, can lead to a 100% of CPU usage which can last up to several hours depending on the targeted application and server performance, the amplification effect is considerable and requires little bandwidth and time on the attacker side.

Source: #2011-003 multiple implementations denial-of-service via hash algorithm collision

Continue reading

2011-08-10

Framework documentation updated for revision 1.15

The framework documentation was just updated.

The general organization of the SAD document (which is the one to be read in all cases) has been refreshed, and is now separated in smaller chapters.

The new official name has been changed into "Synopse SQLite3/mORMot framework"...

Continue reading

2011-07-04

WinINet vs WinHTTP

HTTP Client Classes

If you want to implement an HTTP client access in your application, you may consider several choices:

  • Use the provided Indy components;
  • Use third-party components like Synapse, ICS or your own WinSock-based wrapper;
  • Use WinINet;
  • Use WinHTTP.

For our ORM, we tried to avoid external dependencies, and did not have the need of all Indy's features and overhead.
We fist wrote our own WinSock wrapper, then tried out WinInet.

When used on our testing benchmark, we found out that WinINet was dead slow.
Then we tried WinHTTP, the new API provided by Microsoft, and we found out this was blazing fast. As fast as direct WinSock access, without the need of writing all the wrapper code.

Continue reading

2011-05-24

How to implement RESTful authentication

How to handle authentication in a RESTful Client-Server architecture is a matter of debate.

Commonly, it can be achieved, in the SOA over HTTP world via:
- HTTP basic auth over HTTPS;
- Cookies and session management;
- Query Authentication with additional signature parameters.

We'll have to adapt, or even better mix those techniques, to match our framework architecture at best.

Each authentication scheme has its own PROs and CONs, depending on the purpose of your security policy and software architecture.

Continue reading

2011-03-11

HTTP server using fast http.sys kernel-mode server

Since Windows XP SP2 and Windows Server 2003, the Operating System provides a kernel stack to handle HTTP requests. This http.sys driver is in fact a full featured HTTP server, running in kernel mode. It is part of the networking subsystem of the Windows operating system, as a core component.

The SynCrtSock unit can now implement a HTTP server based on this component. Of course, our SQLite3 framework will use it. If it's not available, it will launch our pure Delphi optimized HTTP server, using I/O completion ports and a Thread Pool.

Continue reading

2010-08-24

Synopse SQLite3 Framework 1.9.1

The Synopse SQLite3 Database Framework was just released under version 1.9.1:
- internal SQLite3 database engine is updated to version 3.7.2;
- new TSQLRecordFTS3 record, for using FTS3 virtual tables, i.e. implementing full-text search;
- new SQLite3UIEdit unit, to edit table content with a dialog created from RTTI;
- new dedicated BLOB methods and JSON array serialization;
- a lot of fixes and speed enhancements (including our HTTP/1.1 RESTful server now using Thread Pool).

The new 3.7.2 version of the SQLite3 engine, which is mandatory according to SQLite3's authors, is included.

Continue reading

2010-08-19

How to implement multi-tier architecture in our SQLite3 Framework

In software engineering, multi-tier architecture (often referred to as n-tier architecture) is a client–server architecture in which the presentation, the application processing, and the data management are logically separate processes. For example, an application that uses middleware to service data requests between a user and a database employs multi-tier architecture. The most widespread use of multi-tier architecture is the three-tier architecture.

Both ORM and RESTful aspects of our framework makes it easy to develop using such a three-tier architecture.

Continue reading

2010-05-24

SQLite3 Framework version 1.7

Our SQLite3 Framework has been updated into the 1.7 version. For Delphi 7 to Delphi 2010.

Mostly User-Interface (reporting) enhancements, and some bug fixes.

Continue reading

2010-02-08

SQLite3 Framework version 1.4

The framework has been updated, and is released now under the LGPL license (public domain license was found to be confusing).

Continue reading

page 2 of 2 -