2019-09-21. Open Source › mORMot Framework
A long-awaited feature was the ability to create stand-alone mORMot Win64 applications via Delphi, with no external sqlite3-64.dll required.
It is now available, with proper integration, and encryption is working!
2019-09-18. Open Source › mORMot Framework
There are still some days to join EKON 23 conferences with the reduced price!
I will make 2 sessions, and 1 workshop, in English (my German is not good
enough), about practical project design and mORMot.
If you find DDD is a bit too much for you, but still want to write clean code,
check this!
2018-11-24. Open Source › mORMot Framework
Now that Delphi 10.3 Rio is out, we had to ensure that our little mORMot would run with this revision. Since we don't make any commercial software with Delphi any more (we switched to FPC), I downloaded the Community Edition. We disabled the Error Insight feature, which seems not very stable […]
2018-11-12. Open Source › mORMot Framework
Sometimes, I am asked what could be done with mORMot. Well, we've been using the library at LiveMon to analyse logs for example. And we're able to get speed of a few TB/sec. Speed above is no typo: TB/s not GB/s. For a regex search, not a per-word dictionary based lookup. With a cross-platform […]
2018-03-12. Open Source › mORMot Framework
We just committed a deep refactoring of the SynSQlite3Static.pas unit - and all units using static linking for FPC. It also includes a new encryption format for SQLite3, using AES, so much more secure than the previous one. This is a breaking change, so worth a blog article! Now all static .o .a […]
2018-02-07. Open Source › mORMot Framework
In the last weeks/months, we worked a lot with FPC.
Delphi is still our main IDE, due to its better debugging experience under
Windows, but we target to have premium support of FPC, on all platforms,
especially Linux.
The new Delphi Linux compiler is out of scope, since it is heavily priced,
its performance is not so good, and ARC broke memory management so would need a
deep review/rewrite of our source code, which we can't afford - since we have
FPC which is, in our opinion, a much better compiler for Linux.
Of course, you can create clients for Delphi Linux and FMX, as usual, using the cross-platform client parts of mORMot. But for server side, this compiler is not supported, and will probably never be.
2017-10-24. Open Source › mORMot Framework
After having enjoyed EKON 21 conferences in Köln, some quick post to share material about my presentations: "MicroServices: SOLID Meets SOA"; "MicroServices: Event-Driven Design"; "Practical Domain-Driven Design". I also included the "Practical DDD" source code in a new sample folder of the mORMot […]
2017-08-10. Open Source › mORMot Framework
You probably know about our SynLZ compression unit, in pascal and x86 asm, which is very fast for compression with a good compression ratio, and proudly competes with LZ4 or Snappy. It is used in our framework everywhere, e.g. for WebSockets communication, for ECC encrypted file content, or to […]
2017-03-22. Open Source › mORMot Framework
We are proud to announce compatibility of our mORMot Open Source framework
with the latest Delphi 10.2 Tokyo compiler...
At least for Win32.
For Win64, the compiler was stuck at the end of the compilation, burning 100% of one CPU core...
A bit disappointing, isn't it?
2017-03-18. Open Source › mORMot Framework
A common feature request for professional software is to prevent abuse of
published applications.
For licensing or security reasons, you may be requested to "lock" the execution
of programs, maybe tools or services.
Our Open-Source mORMot framework can leverage
Asymmetric Cryptography to ensure that only allowed users could run some
executables, optionally with dedicated settings, on a given computer.
It offers the first brick on which you may build your own system.
From the user's point of view, he/she will transmit a user@host.public file, then receive a corresponding user@host.unlock file, which will unlock the application.
Pretty easy to understand - even if some complex asymmetric encryption is
involved behind the scene.
2016-12-19. Open Source › mORMot Framework
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact
and self-contained way for securely transmitting information between parties as
a JSON object. This information can be verified and trusted because it is
digitally signed. JWTs can be signed using a secret (with the HMAC algorithm)
or a public/private key pair using RSA or ECDSA.
They can be used for:
JWT to any HTTP request allows Single Sign On user validation across different domains;
See http://jwt.io for an introduction to JSON Web Tokens.
Our mORMot framework now implements JWT:
HS256 (HMAC-SHA256) and ES256 (256-bit ECDSA) algorithms (with the addition of the "none" weak algo);
HS256 verification under x64), with optional in-memory cache if needed (e.g. for slower ES256);
dll, works with Delphi or FPC);
2016-11-10. Open Source › mORMot Framework
EKON20 is now over, and there were a lot of people, great speakers, beautiful T-Shirt, and fresh beer! I've published the slides of my mORMot conferences on SlideShare... EKON20 From RAD to SOA with mORMot; EKON20 mORMot Legacy Code Technical Debt Delphi Conference; EKON20 Ride a mORMot; EKON20 2016 […]
2016-10-18. Open Source › mORMot Framework
In order to follow best practice, our .private key files are always protected by a password. A random value with enough length and entropy is always proposed by the ECC tool when a key pair is generated, and could be used directly.
It is always preferred to trust a computer to create true randomness (and SynCrypto.pas's secure TAESPRNG was designed to be the best possible seed, using hardware entropy if available), than using our human brain, which could be defeated by dictionary-based password attacks.
Brute force cracking would be almost impossible, since PBKDF2_HMAC_SHA256 Password-Based Key Derivation Function with 60,000 rounds is used, so rainbow tables (i.e. pre-computed passwords list) will be inoperative, and each password trial would take more time than with a regular Key Derivation Function.
The issue with strong passwords is that they are difficult to remember. If you use not pure random passwords, but some easier to remember values with good entropy, you may try some tools like https://xkpasswd.net/s which returns values like $$19*wrong*DRIVE*read*61$$.
But even then, you will be able to remember only a dozen of such passwords. In a typical public key infrastructure, you may create hundreds of keys, so remembering all passwords is no option for an average human being as (you and) me.
At the end, you end up with using a tool to store all your passwords (last trend is to use an online service with browser integration), or - admit it - store them in an Excel document protected by a password. Most IT people - and even security specialists - end with using such a means of storage, just because they need it.
The weaknesses of such solutions can be listed:
The ECC tool is able to work in "cheat mode", storing all .private key files generated passwords in an associated .cheat local file, encrypted using a cheat.public key.
As a result:
.cheat file, so you only unleash one key at a time;
.cheat file content is meaningless without the cheat.private key and its master password, so you can manage and store them together with your .private files;
cheat.public key is needed when creating a key pair, so you won't leak your master password, and even could generate keys in an automated way, on a distant server;
cheat.private key will be safely stored in a separated place, only needed when you need to recover a password;
2016-09-24. Open Source › mORMot Framework
After weeks of implementation and testing, we introduce today a new feature of our mORMot Open-Source Framework.
Asymmetric encryption, also known as public-key cryptography, uses pairs of keys:
The framework SynEcc unit features a full asymmetric encryption system, based on Elliptic curve cryptography (ECC), which may be used at application level (i.e. to protect your application data, by signing or encrypting it), or at transmission level (to enhance communication safety).
A full set of high-level features, including certificates and command line tool, offers a stand-alone but complete public-key infrastructure (PKI).
2016-09-06. Open Source › mORMot Framework
There are still a few days for "very early birds" offer for EKON 20 conference, and meet us for 3 sessions (including a half-day training/introduction to mORMot)! Join us the 7-9th of November in Düsseldorf! Our sessions are not restricted to mORMot, but will use mORMot to illustrate some […]
2016-07-30. Open Source › mORMot Framework
Especially if you are dealing with a lot of data, you often need a way to
identify if a value is available in a value set.
A typical use case is if you have data sharded among
several nodes, and you want to avoid asking each node for each incoming
request.
A naive approach could be to store all data in a memory list.
But here we are really talking about a lot of data, and it would simply not fit
into a memory list.
We may say that it is the purpose of a database to maintain such a
list.
So you start a good CREATE TABLE on your RDBMS with a single indexed primary
key column, fill it with your data, and run a proper SELECT.
But it takes a lot of storage, insertion is slow, and this database becomes a
bottleneck.
Then you consider using some NoSQL database like Redis.
It is faster than an RDBMS, but it tends to use a lot of memory, and it is still
resource consuming to update the values.
Now comes Bloom Filter magic.
It allows storing the presence of a high number of values in a small memory space, with a predefined ratio of potential false positives.
We just introduced a TSynBloomFilter class in our Open Source mORMot framework trunk, which features an optimized and self-tuning Bloom Filter storage, with potential low-bandwidth synchronization over the wire.
2016-05-30. Open Source › mORMot Framework
Some patches, provided by ALFred, did introduce some new platforms under Linux: Linux x86 (aka Intel 32-bit), Linux x64 (aka Intel 64-bit), Linux AARCH32 (aka ARM 32-bit), Linux AARCH64 (aka ARM 64-bit). It needs the latest trunk version of the FPC compiler, and the "Interface Enhanced RTTI" […]
2016-05-14. Open Source › mORMot Framework
In any modern application, especially on Client/Server nTier architecture as our little mORMot offers, we often have to persist some private keys in a safe way.
The problem with such keys is that they consist of a small number of bytes (typically 16 or 32 bytes), easy to be left somewhere on disk or in memory.
Given the abilities of recent forensic data recovery methods, data can't be destroyed on magnetic or flash storage media reliably.
We have just added to our SynCrypto OpenSource library the Anti-forensic Information Splitter algorithm, as proposed in TKS1, and implemented in the LUKS standard.
LUKS is the de-facto standard: a platform-independent standard on-disk format for use in various tools.
2016-04-09. Open Source › mORMot Framework
Everyone knows about the pascal random() function.
It returns some numbers, using a linear congruential generator, with a multiplier of 134775813, in its Delphi implementation.
It is fast, but not really secure. Output is very predictable, especially if you forgot to execute the RandSeed() procedure.
In real world scenarios, safety always requires random numbers, e.g. for key/nonce/IV/salt/challenge generation.
The less predictable, the better.
We just included a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) into our SynCrypto.pas unit.
The TAESPRNG class would use real system entropy to generate a sequence of pseudorandom bytes, using AES-256, so returning highly unpredictable content.
2016-01-09. Open Source › mORMot Framework
Once your application is multi-threaded, concurrent data access should be protected. We already wrote about how debugging multi-thread applications may be hard.
Otherwise, a "race condition" issue may appear: for instance, if two threads modify a variable at the same time (e.g. decrease a counter), values may become incoherent and unsafe to use. Another symptom of broken logic is the "deadlock", by which the whole application appears to be blocked and unresponsive, when two threads have a wrong use of the lock, so are blocking each other.
On a server system, which is expected to run 24/7 with no maintenance, such issues are to be avoided.
In Delphi, protection of a resource (which may be an object, or any variable) is usually done via Critical Sections.
A critical section is an object used to make sure that some part of the code is executed only by one thread at a time. A critical section needs to be created/initialized before it can be used and be released when it is not needed anymore. Then, some code is protected using Enter/Leave methods, which would lock its execution: in practice, only a single thread would own the critical section, so only a single thread would be able to execute this code section, and other threads would wait until the lock is released. For best performance, the protected sections should be as small as possible - otherwise the benefit of using threads may be voided, since any other thread would wait for the thread owning the critical section to release the lock.
We will now see that Delphi's TCriticalSection may have potential issues, and what our framework proposes to ease critical section use in your applications.