2020-03-03

Preparing Revision 2.x of the mORMot Framework

The more I think of it, the more I am convinced it is time to change how the framework is versioned.
We have version 1.18 since years... difficult to follow... time to upgrade!


I would like to upgrade mORMot to version 2 - with a major refactoring.

Continue reading

2019-09-18

Introducing Kingdom Driven Design at EKON 23

There are still some days to join EKON 23 conferences with the reduced price!

I will make 2 sessions, and 1 workshop, in English (my German is not good enough), about practical project design and mORMot.
If you find DDD is a bit too much for you, but still want to write clean code, check this!

Continue reading

2016-12-19

JSON Web Tokens (JWT)

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

They can be used for:

  • Authentication: including a JWT to any HTTP request allows Single Sign On user validation across different domains;
  • Secure Information Exchange: a small amount of data can be stored in the JWT payload, and is digitally signed to ensure its provenance and integrity.

See http://jwt.io for an introduction to JSON Web Tokens.

Our mORMot framework now implements JWT:

  • HS256 (HMAC-SHA256) and ES256 (256-bit ECDSA) algorithms (with the addition of the "none" weak algo);
  • Validates all claims (validation dates, audiences, JWT ID);
  • Thread-safe and high performance (2 µs for a HS256 verification under x64), with optional in-memory cache if needed (e.g. for slower ES256);
  • Stand-alone and cross-platform code (no external dll, works with Delphi or FPC);
  • Enhanced security and strong design - per instance, it is by design immune from https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries
  • Full integration with the framework.

Continue reading

2016-11-10

EKON20 mORMot Conferences

EKON20 is now over, and there was a lot of people, great speakers, beautiful T-Shirt, and fresh beer! I've published the slides of my mORMot conferences on SlideShare... EKON20 From RAD to SOA with mORMot EKON20 mORMot Legacy Code Technical Debt Delphi Conference EKON20 Ride a mORMot EKON20 2016  […]

Continue reading