Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 31 to 40 of 41 total |
1000 Databases With 64 Datasets Each Crashes The EWB Server |
Sun, Aug 12 2018 11:28 AM | Permanent Link |
Frederick Chin | Hi Ronald,
/* You can not create a database this way. This is not thread safe. You need to read this: https://www.elevatesoft.com/manual?action=viewtopic&id=dbisam4&product=delphi&version=5&topic=multi_threaded_applications In my apps I have set name of the database encrypted in the query that I give to the customer so the client know which database to use. In the actual call to the server the name is visible of course, but that is not a securityissue because you need to be authenticated before you can */ Thanks for the reference and pointers. These will be useful when I try it again. -- Frederick |
Sun, Aug 12 2018 3:26 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Frederick,
<< It is from the client side. If you are saying that the web module needs to be written so that the data from a different database is passed back to the EWB client, it is going to be a huge job with the 64 datasets I have currently If it is simpler, examples would be appreciated. >> One of the parameters that is included with every database request is the "database" parameter: https://www.elevatesoft.com/manual?action=viewtopic&id=ewb2&topic=API_Reference Given this information, you can (relatively) easily construct a web server module that allows the TEWBDatabaseAdapter.HandleRequest method to do most of the heavy lifting and just asks you for various bits of information at the correct time: https://www.elevatesoft.com/manual?action=viewmethod&id=ewb2mod&product=rsdelphiwin32&version=10T&comp=TEWBDatabaseAdapter&method=HandleRequest I say "relatively" because you *do* need to define all 64 of your datasets as regular TDataSet instances (TDBISAMTable/TDBISAMQuery instances if using DBISAM) on the web server module along with a TEWBDataSetAdapter instance for each, but you can also handle them programmatically if you don't want to drop that many components on the web server module. However, apart from setting up the database/datasets, there isn't much else to do - the HandleRequest method does pretty much everything for you. << Don't tease us already. Release it next week! >> I know, it's taking forever. However, just remember that every bit of extra coding I'm doing will result in less work for yourself. Tim Young Elevate Software www.elevatesoft.com |
Sun, Aug 12 2018 7:00 PM | Permanent Link |
Frederick Chin | Tim,
Thanks for the reference links. /* I know, it's taking forever. However, just remember that every bit of extra coding I'm doing will result in less work for yourself. */ That's true but I believe the value of your extraordinary work diminishes exponentially as the length of time before they are seen increases. -- Frederick |
Mon, Aug 13 2018 7:53 AM | Permanent Link |
Matthew Jones | Ronald wrote:
> cCustomerID:=Request.RequestParams.Values['customerid']; > LocalDatabase.Directory:='c:\datalist\db'+cCustomerID; I hope that there is better validation than that - both at a validity level, and an account level. If I can put '../../blah' in there, then I'm anywhere on your disk, including other customers data. But given you are at the "how can I get this working at all stage", I'm sure you will add more to it later. -- Matthew Jones |
Mon, Aug 13 2018 10:06 AM | Permanent Link |
Frederick Chin | "Matthew Jones" wrote:
/* I hope that there is better validation than that - both at a validity level, and an account level. If I can put '../../blah' in there, then I'm anywhere on your disk, including other customers data. But given you are at the "how can I get this working at all stage", I'm sure you will add more to it later. */ Would someone be able to decipher what is being communicated between the EWB app, EWB server and DLL even with a secure connection? -- Frederick |
Mon, Aug 13 2018 10:13 AM | Permanent Link |
Matthew Jones | Frederick Chin wrote:
> Would someone be able to decipher what is being communicated between the EWB app, EWB server and DLL even with a secure connection? Of course. All there in full detail in the browser's debug window. Just press F12. And with that, I can make any other code look exactly the same, and try db001, db002, db003 etc. Hence the need for additional validation. -- Matthew Jones |
Mon, Aug 13 2018 11:42 AM | Permanent Link |
Ronald | "Matthew Jones" wrote:
< I hope that there is better validation than that - both at a validity level, and an account level. If I can put '../../blah' in there, then I'm anywhere on your disk, including other customers data. But given you are at the "how can I get this working at all stage", I'm sure you will add more to it later. > Hi Matthew, If the user connects to the site, the server gets de name of the database from the query. Then the user must indentify himself. If he is found in the database that was sent with the query, the user gets gets a unique token that is saved in his account. In all requests after the identification this token is sent to the server (in a cookie). So on every request I check if the token exists in the user database. If the user is found and his role corresponds with his request, the request is granted. I have created a webservermodule that uses dbisam tables and based on the databasename, I connect my TSQLQuery to the correct directory and execute the correct sql script. Greetings, Ronald |
Mon, Aug 13 2018 12:05 PM | Permanent Link |
Matthew Jones | Ronald wrote:
> gets gets a unique token Sounds sensible - so long as that is a GUID or similar real complex thing rather than a simple integer or whatever. -- Matthew Jones |
Mon, Aug 13 2018 12:18 PM | Permanent Link |
Ronald | "Matthew Jones" wrote:
< Sounds sensible - so long as that is a GUID or similar real complex thing rather than a simple integer or whatever. > Hi Matthew, I use this: Result:='M'+Pad(IntToStr(DayOf(Date)),2,'0')+ Pad(IntToStr(MonthOf(Date)),2,'0')+ Pad(IntToStr(YearOf(Date)),4,'0')+ Pad(IntToStr(HourOf(Time)),2,'0')+ Pad(IntToStr(MinuteOf(Time)),2,'0')+ Pad(IntToStr(SecondOf(Time)),2,'0')+ Pad(IntToStr(MSecondOf(Time)),4,'0')+ Pad(IntToStr(Random(0,9999)),4,'0')+ Pad(IntToStr(Random(0,9999)),4,'0')+ Pad(IntToStr(Random(0,9999)),4,'0'); Greetings, Ronald |
Mon, Aug 13 2018 3:49 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Frederick,
<< That's true but I believe the value of your extraordinary work diminishes exponentially as the length of time before they are seen increases. >> Well, I can only work so much and so fast and still have a life, so there have to be trade-offs. There just isn't a lot of money in this market anymore, so I need to support and update 3 products to maintain about 1/2 the revenue that we used to see with *1* product. This is all out of our hands, and I just try the best as I can to do what I can without killing myself in the process. My priority is always quality over quantity, and I know that's not a popular stance nowadays, but I cannot afford to generate more support issues for myself. Tim Young Elevate Software www.elevatesoft.com |
« Previous Page | Page 4 of 5 | Next Page » |
Jump to Page: 1 2 3 4 5 |
This web page was last updated on Wednesday, May 15, 2024 at 08:40 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |