Icon View Thread

The following is the text of the current message along with any replies.
Messages 21 to 21 of 21 total
Thread Open Row exclusively
Wed, Oct 7 2015 11:53 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Pasquale,

Okay, I've got my EWB environment set up to run your application.  Can you now give me the steps to execute in your application to reproduce the example ?

Two other things:

1) In the future, do *not* send me your entire application.  Send me a cut-down example project that demonstrates the issue you are having, and nothing else.  It has taken me a lot of time to get everything set up to run your application.

2) Do *not* perform authentication in your client-side EWB application.  You should *never* send any authentication information to the client application, especially password hashes.  Everything that is sent to the client can possibly be intercepted, depending upon the situation, so to cut down on attack vectors, you should not do so.  Always use a TServerRequest instance to send authentication information to the back-end web server (https only !!!!) and use a web server module to authenticate against your users table in your SQL Server database.  There really is no need to use hashes on the client side if you're using a secure connection (https).  Just send over the user name/password, and let the web server module perform the hashing, etc. for authentication.  See here for more information on creating a web server module for EWB:

http://www.elevatesoft.com/manual?action=topics&id=ewb2mod&product=rsdelphi&version=XE&section=getting_started

Tim Young
Elevate Software
www.elevatesoft.com
« Previous PagePage 3 of 3
Jump to Page:  1 2 3
Image