Tag - mORMot

Entries feed - Comments feed

2020-03-30

Debriefing of mORMot2 Survey

Thanks you all for have posted your feedback on our mORMot2 Survey!

Here are some insights.

Continue reading

2020-03-28

Faster Double-To-Text Conversion

On server side, a lot of CPU is done processing conversions to or from text. Mainly JSON these days.

In mORMot, we take care a lot about performance, so we have rewritten most conversion functions to have something faster than the Delphi or FPC RTL can offer.
Only float to text conversion was not available. And RTL str/floattexttext performance, at least under Delphi, is not consistent among platforms.
So we just added a new Double-To-Text set of functions.

Continue reading

2020-03-06

We Need U: Survey about mORMot 2.0

First of all, if it was not clear enough: Delphi will continue to be supported in mORMot 2.0. Some people reported that our previous article may have been misleading. But perhaps not all versions. For sure, Delphi 5 and Kylix will not be supported in mORMot 2. It is also possible that it would not  […]

Continue reading

2020-03-03

Preparing Revision 2.x of the mORMot Framework

The more I think of it, the more I am convinced it is time to change how the framework is versioned.
We have version 1.18 since years... difficult to follow... time to upgrade!


I would like to upgrade mORMot to version 2 - with a major refactoring.

Continue reading

2019-10-30

EKON 23 Presentation Slides and Code

I just finished my workshop at EKON 23.
Like every year, it was a great event to attempt to, and I enjoyed presenting 2 sessions and 1 workshop.

Sessions were about "Kingdom Driven Design" (KDD), which is the name I used to define a cut-down version of "Domain Driven Design" (DDD).
Less paranoid, a bit less isolation, but perhaps more common sense for the less sensitive projects.
Some presentations and code are now available!

Continue reading

2019-10-17

Nice introductory articles about mORMot

I just found some very nice articles by Stephan Bester about first steps to mORMot's ORM and SOA.

Don't be scared by the mORMot: it is more stressed than you are.
This painful picture just won a wildlife photographer prize... poor little rodent!

Continue reading

2019-09-21

SQLite3 static linking for Delphi Win64

A long-awaited feature was the ability to create stand-alone mORMot Win64 applications via Delphi, with no external sqlite3-64.dll required.

It is now available, with proper integration, and encryption is working!

Continue reading

2019-09-18

Introducing Kingdom Driven Design at EKON 23

There are still some days to join EKON 23 conferences with the reduced price!

I will make 2 sessions, and 1 workshop, in English (my German is not good enough), about practical project design and mORMot.
If you find DDD is a bit too much for you, but still want to write clean code, check this!

Continue reading

2018-11-12

Win 100GB of log space from a Real Life mORMot Project

Sometimes, I am asked what could be done with mORMot. Well, we've been using the library at LiveMon to analyse logs for example. And we're able to get speed of a few TB/sec. Speed above is no typo: TB/s not GB/s. For a regex search, not a per-word dictionary based lookup. With a cross-platform  […]

Continue reading

EKON 22 Slides and Code

I've uploaded two sets of slides from my presentations at EKON 22 : Object Pascal Clean Code Guidelines Proposal High Performance Object Pascal Code on Servers with the associated source code The WorkShop about "Getting REST with mORMot" has a corresponding new Samples folder in our  […]

Continue reading

2018-03-12

New AES-based SQLite3 encryption

We just committed a deep refactoring of the SynSQlite3Static.pas unit - and all units using static linking for FPC. It also includes a new encryption format for SQlite3, using AES, so much more secure than the previous one. This is a breaking change, so worth a blog article! Now all static .o .a  […]

Continue reading

2018-02-07

Status of mORMot ORM SOA MVC with FPC

In the last weeks/months, we worked a lot with FPC.
Delphi is still our main IDE, due to its better debugging experience under Windows, but we target to have premium support of FPC, on all platforms, especially Linux.

The new Delphi Linux compiler is out of scope, since it is heavily priced, its performance is not so good, and ARC broke memory management so would need a deep review/rewrite of our source code, which we can't afford - since we have FPC which is, from our opinion,  a much better compiler for Linux.
Of course, you can create clients for Delphi Linux and FMX, as usual, using the cross-platform client parts of mORMot. But for server side, this compiler is not supported, and will probably never be.

Continue reading

2018-01-02

Happy New mORMot Year

mORMot2018

Happy New mORMot Year 2018! And thanks Mario for the video!  […]

Continue reading

2017-11-11

Job Opportunities at LiveMon

You like working with mORMot ? We're hiring new developers at LiveMon.  We're a full-remote team (with a monthly gather-up in Paris), working on a real-time AI-powered monitoring tool. I joined LiveMon this week, and we will work together on this exciting project, using mORMot and FPC! Contact us at  […]

Continue reading

2017-10-24

EKON 21 Slides

After having enjoyed EKON 21 conferences in Köln, some quick post to share material about my presentations. MicroServices: SOLID Meets SOA MicroServices: Event-Driven Design Practical Domain-Driven Design I also included the "Practical DDD" source code in a new sample folder of the mORMot  […]

Continue reading

2017-03-22

Delphi 10.2 Tokyo Compatibility: DCC64 broken

We are proud to announce compatibility of our mORMot Open Source framework with the latest Delphi 10.2 Tokyo compiler...
At least for Win32.

For Win64, the compiler was stuck at the end of the compilation, burning 100% of one CPU core...

A bit disappointing, isn't it?

Continue reading

2016-12-19

JSON Web Tokens (JWT)

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

They can be used for:

  • Authentication: including a JWT to any HTTP request allows Single Sign On user validation across different domains;
  • Secure Information Exchange: a small amount of data can be stored in the JWT payload, and is digitally signed to ensure its provenance and integrity.

See http://jwt.io for an introduction to JSON Web Tokens.

Our mORMot framework now implements JWT:

  • HS256 (HMAC-SHA256) and ES256 (256-bit ECDSA) algorithms (with the addition of the "none" weak algo);
  • Validates all claims (validation dates, audiences, JWT ID);
  • Thread-safe and high performance (2 µs for a HS256 verification under x64), with optional in-memory cache if needed (e.g. for slower ES256);
  • Stand-alone and cross-platform code (no external dll, works with Delphi or FPC);
  • Enhanced security and strong design - per instance, it is by design immune from https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries
  • Full integration with the framework.

Continue reading

2016-11-10

EKON20 mORMot Conferences

EKON20 is now over, and there was a lot of people, great speakers, beautiful T-Shirt, and fresh beer! I've published the slides of my mORMot conferences on SlideShare... EKON20 From RAD to SOA with mORMot EKON20 mORMot Legacy Code Technical Debt Delphi Conference EKON20 Ride a mORMot EKON20 2016  […]

Continue reading

2016-10-18

Cheat Mode for Private Keys

In order to follow best practice, our .private key files are always protected by a password.  A random value with enough length and entropy is always proposed by the ECC tool when a key pair is generated, and could be used directly.
It is always preferred to trust a computer to create true randomness (and SynCrypto.pas's secure TAESPRNG was designed to be the best possible seed, using hardware entropy if available), than using our human brain, which could be defeated by dictionary-based password attacks.
Brute force cracking would be almost impossible, since PBKDF2_HMAC_SHA256 Password-Based Key Derivation Function with 60,000 rounds is used, so rainbow tables (i.e. pre-computed passwords list) will be inoperative, and each password trial would take more time than with a regular Key Derivation Function.

The issue with strong passwords is that they are difficult to remember. If you use not pure random passwords, but some easier to remember values with good entropy, you may try some tools like https://xkpasswd.net/s which returns values like $$19*wrong*DRIVE*read*61$$.
But even then, you will be able to remember only a dozen of such passwords. In a typical public key infrastructure, you may create hundredths of keys, so remembering all passwords is no option for an average human being as (you and) me.

At the end, you end up with using a tool to store all your passwords (last trend is to use an online service with browser integration), or - admit it - store them in an Excel document protected by a password. Most IT people - and even security specialists - end with using such a mean of storage, just because they need it.
The weaknesses of such solutions can be listed:

  • How could we trust closed source software and third-party online services?
  • Even open source like http://keepass.info/help/base/security.html may appear weak (no PBKDF, no AFSplit, managed C#, SHA as PRNG);
  • The storage is as safe as the "master password" is safe;
  • If the "master password" is compromised, all your passwords are published;
  • You need to know the master password to add a new item to the store.

The ECC tool is able to work in "cheat mode", storing all .private key files generated passwords in an associated .cheat local file, encrypted using a cheat.public key.

As a result:

  • Each key pair will have its own associated .cheat file, so you only unleash one key at a time;
  • The .cheat file content is meaningless without the cheat.private key and its master password, so you can manage and store them together with your .private files;
  • Only the cheat.public key is needed when creating a key pair, so you won't leak your master password, and even could generate keys in an automated way, on a distant server;
  • The cheat.private key will be safely stored in a separated place, only needed when you need to recover a password;
  • It uses strong File Encryption, with proven PBKDF, AFSplit, AES-PRNG, and ECDH/ECIES algorithms.

Continue reading

2016-09-24

Public-key Asymmetric Cryptography via SynECC

After weeks of implementation and testing, we introduce today a new feature of our mORMot Open-Source Framework.

Asymmetric encryption, also known as public-key cryptography, uses pairs of keys:

  • Public keys that may be disseminated widely;
  • Paired with private keys which are known only to the owner.

The framework SynEcc unit features a full asymmetric encryption system, based on Elliptic curve cryptography (ECC), which may be used at application level (i.e. to protect your application data, by signing or encrypting it), or at transmission level (to enhance communication safety).
A full set of high-level features, including certificates and command line tool, offers a stand-alone but complete public-key infrastructure (PKI).

Continue reading

- page 1 of 10