Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 21 to 30 of 53 total |
How To Perform A Multi-Field Dataset Search? |
Mon, Oct 5 2015 12:59 PM | Permanent Link |
Raul Team Elevate | On 10/5/2015 10:04 AM, Frederick Chin wrote:
> What would be the best way to securely connect to a desktop computer with the EWB web server running and if the server does not have a fixed IP address? Is the client accessing the server from the same machine or different ones ? Without fixed IP you're going to have some problems here - do you have any name resolution capability ? Usual solution here is to use a DNS name (and make sure either your dhcp server or client update the dns record). in terms of actual TLS EWB Web server does not natively support TLS yet so you'd need to use stunnel (number of messages in newsgroups about it). Raul |
Mon, Oct 5 2015 1:03 PM | Permanent Link |
Raul Team Elevate | On 10/5/2015 11:51 AM, Frederick Chin wrote:
> I recently created a user login module with EWB and it took me the better part of two days of work to complete by trial and error, with constant referencing to the manual, and yet, I still have the feeling that I cobbled the module together rather than being knowledgeable, coding it. You really should not be using dataset handling to authenticate usernames and passwords in the first place - with javascript apps assume ALL communication is trivial to eavesdrop on and any of your web service calls trivial to manually run in a browser (i.e. i can just use wildcard search in your query etc to obtain list of all your usernames/passwords if that's how you look up auth info). Authentication really needs to be handled on the back end - you get username/password from user and then pass it on to back-end to get Valid/Invalid result back (and add some protection there so one cannot bruce force thousands of requests). Raul |
Mon, Oct 5 2015 3:13 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Frederick,
<< It does not explain what I should do to emulate the functionality of LOCATE. >> That's because there *isn't* a Locate in EWB. EWB's documentation is for EWB, not about every single thing that is different from Delphi. It would take 20 times the amount of documentation already present to list everything that's different between the two products. << I finally managed to get the results I wanted for a multi-field search by trial and error. Even then, I am not sure if it should be done that way because there is no "official" writeup. >> The manual specifically states in the first paragraph on searching right before the example: "Once the dataset is in the "Find" state, you can assign values to the columns in the dataset and then call the Find method to execute the actual search." The rest I'm going to ignore and just chalk up to frustration. But, just keep in mind, this isn't the complaint department. If you don't want to use EWB or don't like it, then don't use it. These forums are for positive, constructive questions and answers for those wanting information on how to best use the product, not a bunch of back and forth bickering. Tim Young Elevate Software www.elevatesoft.com |
Mon, Oct 5 2015 5:09 PM | Permanent Link |
Jim Gallagher | Matthew Jones wrote:
<<But EWB has security built in if you use EDB, so consider switching. FWIW I had my shop working with DBISAM and decided to switch to a grown up EDB and it was only a few hours.>> While there are technical advantages to use EDB over DBISAM, I would have to think that one could write secure code OR insecure code with either one, as far as user authentication goes. If there is something inherently insecure about using DBISAM, what would that be? I'm not being argumentative, I'm just curious, since I use DBISAM (or MySQL) and don't have a license for EDB. -Jim |
Mon, Oct 5 2015 5:51 PM | Permanent Link |
Raul Team Elevate | On 10/5/2015 5:09 PM, Jim Gallagher wrote:
> Matthew Jones wrote: > While there are technical advantages to use EDB over DBISAM, I would have to think that one could write secure code OR insecure code with either one, as far as user authentication goes. If there is something inherently insecure about using DBISAM, what would that be? I'm not being argumentative, I'm just curious, since I use DBISAM (or MySQL) and don't have a license for EDB. I am using DBISAM with EWB but not with EWB Web server so some of the following might not be fully accurate. I believe the point here is that if you use local connection (i.e. file system) then there is no authentication option for DBISAM in the product itself (same way dbsys does not ask you to login when opening local db tables). DBISAM only provides authentication when used thru dbsrvr (i.e. remote session) since dbsrvr does the auth. That should work same way for EWB web server as well i would assume. EDB is different (catalog vs file system) architecture and any data access operation would require login (even local file system session) hence it's easier to use auth with EDB. You can do your own auth using the TEWBServerRequest instances in server as well but i think original question was more about built-in capabilities. Raul |
Mon, Oct 5 2015 6:03 PM | Permanent Link |
Matthew Jones | Indeed, EDB has users and roles and permissions built in. I presume, for I
use my own authentication code, that EWB uses that too. I think I saw such in the data links. Tim has thought through a lot of these things, so maybe DBISAM is sorted too, but I doubt to the same degree. As with using https, you have to consider how something is to be used and if it is on the internet then authentication without https and proper password salting would be a problem waiting to happen. It isn't hard to do it right. -- Matthew Jones |
Mon, Oct 5 2015 8:38 PM | Permanent Link |
Jim Gallagher | Matthew Jones wrote:
<<Indeed, EDB has users and roles and permissions built in. I presume, for I use my own authentication code, that EWB uses that too. I think I saw such in the data links.>> Thanks, Raul and Matthew. OK, I think I understand. Your concerns are with dataset access to server tables. In my ignorance, I avoid that access method, since I don't have grid-oriented applications, and having a dataset access server data sounds a little scary to me. Assuming that DBISAM tables are password protected, and are accessed via https: from a module with the user supplying the username and password once only up front, then even local DBISAM access on a server could be made secure. -Jim |
Mon, Oct 5 2015 10:26 PM | Permanent Link |
Frederick Chin | Matthew,
/* I don't use modules, sorry. But EWB has security built in if you use EDB, so consider switching. FWIW I had my shop working with DBISAM and decided to switch to a grown up EDB and it was only a few hours. Also, this went by my feed: http://blog.learningtree.com/why-you-need-to-pay-attention-to-the-wyndham-case/ Doing things properly protects you from lawsuits! */ Changing to EDB would be difficult in my case as the applications using DBISAM are pretty complicated and I would hesitate to alter a functioning program and cause all types of support headaches. I like DBISAM because of its simplicity and since this is Tim's product, I'm sure that he can suggest some way to have it work securely with EWB. Frederick |
Mon, Oct 5 2015 10:39 PM | Permanent Link |
Frederick Chin | Raul,
/* Is the client accessing the server from the same machine or different ones ? */ The client will access the DBISAM tables over the Internet. /* Without fixed IP you're going to have some problems here - do you have any name resolution capability ? Usual solution here is to use a DNS name (and make sure either your dhcp server or client update the dns record). in terms of actual TLS EWB Web server does not natively support TLS yet so you'd need to use stunnel (number of messages in newsgroups about it). */ I think I am going to use a dynamic DNS together with stunnel for the computer hosting the DBISAM tables. Will this work? Frederick |
Mon, Oct 5 2015 11:04 PM | Permanent Link |
Frederick Chin | Tim,
/* That's because there *isn't* a Locate in EWB. EWB's documentation is for EWB, not about every single thing that is different from Delphi. It would take 20 times the amount of documentation already present to list everything that's different between the two products. */ I understand that there is no Locate in EWB but all I am asking is how do you emulate it in EWB. Let's look at the following live examples:- DBISAM table is MNPSMAIN.DAT with an index on the NAME column. Example 1:- with Mnpsmain do begin Columns['name'].SortDirection:=sdAscending; Columns['password'].SortDirection:=sdAscending; SortCaseInsensitive:=True; Sort; InitFind; Columns['name'].AsString:=edtName.Text; Columns['password'].AsString:=edtPassword.Text; lOK:=Find(False,True); lOK returns True if name and password combination are in my DBISAM table and False if not. This is a correct result. Example 2:- with Mnpsmain do begin Columns['name'].SortDirection:=sdAscending; Columns['password'].SortDirection:=sdAscending; { SortCaseInsensitive:=True; Sort; } InitFind; Columns['name'].AsString:=edtName.Text; Columns['password'].AsString:=edtPassword.Text; lOK:=Find(False,True); With the Sort methods taken out, lOK still returns True if name and password combination are in my DBISAM table and False if not. This is a correct result. Example 3:- with Mnpsmain do begin Columns['name'].SortDirection:=sdAscending; //Columns['password'].SortDirection:=sdAscending; { SortCaseInsensitive:=True; Sort; } InitFind; Columns['name'].AsString:=edtName.Text; Columns['password'].AsString:=edtPassword.Text; lOK:=Find(False,True); With the Sort methods AND the password column's SortDirection taken out, lOK still returns True if name and password combination are in my DBISAM table and False if not! This is a correct result but why? Is there some sort of cache in place? /* The manual specifically states in the first paragraph on searching right before the example: "Once the dataset is in the "Find" state, you can assign values to the columns in the dataset and then call the Find method to execute the actual search." */ It is not obvious because the example shows a simple field search. With the examples I gave above, which I obtained by trial and error, you can see how confused I am. /* The rest I'm going to ignore and just chalk up to frustration. But, just keep in mind, this isn't the complaint department. If you don't want to use EWB or don't like it, then don't use it. These forums are for positive, constructive questions and answers for those wanting information on how to best use the product, not a bunch of back and forth bickering. */ You did ask me for an example for the manual and I gave you one, in the hope you could add more. I don't believe I stated anywhere in my previous forum message that I don't like or don't want to use EWB. No software tool is perfect and I don't expect EWB to be but I expect that you would be interested in improving EWB based on feedback. P.S. I will continue to use EWB because it is currently the only tool that will access DBISAM tables natively and also to irritate the heck out of you. Frederick |
« Previous Page | Page 3 of 6 | Next Page » |
Jump to Page: 1 2 3 4 5 6 |
This web page was last updated on Wednesday, April 24, 2024 at 11:07 AM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |