BorlandTalk.com Borland discussion newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  Neglected QC "SOAP Session Support in TSOAPDatamodule" repor          BorlandTalk.com Forum Index -> Delphi WebServices SOAP View previous topic :: View next topic   Author Message Atle Smelvær Guest Posted: Wed Apr 11, 2007 3:46 pm    Post subject: Neglected QC "SOAP Session Support in TSOAPDatamodule" repor Now that CodeGear is working on SOAP for Win32 again it could be nice to fix up the TSOAPDatamodule for better usage. Here's a suggestion that will make it a lot easier working with SOAP datamodules and many clients. "DSML SOAP Session Support in TSOAPDatamodule" http://qc.codegear.com/wc/qcmain.aspx?d=12979 (In reported state for almost two years now) Could someone with SOAP knowledge QC admin rights look through the report and maybe open it. It contains a working sample with session handling supported (but with several nasty hacks so I didn't need to change and recompile the SOAP unit files). It would be a lot better if this was implemented into TSOAPDatamodule (and the wizard), as it is the most natural way to work with complete dataset's for each individual session. And then it will be available for everybody :) Kind regards, Atle. Back to top Jean-Marie Babet Guest Posted: Thu Apr 12, 2007 2:25 am    Post subject: Re: Neglected QC "SOAP Session Support in TSOAPDatamodule" r Hello Atle, Thank you for bringing this to my attention. I've promoted the report to RAID (#249063). And yes, I love reports that come with solutions. Thank you! Several fixes/enhancements that went in D2007 and HOTFIX10 were directly from code submissions. For example, the performance improvement for arrays of objects/multiref was directly from QC #26063 (as mentioned in the code). I'm currently tied up with another deadline for an upcoming release. However, as soon as things lighten up, I'll contact you about addition of session support. Are you in the Delphi-beta program? If yes, please do remind me of this on the beta-newsgroup. Cheers, Bruneau. Back to top Atle Smelvær Guest Posted: Thu Apr 12, 2007 8:13 am    Post subject: Re: Neglected QC "SOAP Session Support in TSOAPDatamodule" r Yes, I'm on the beta program. Thank you for looking at this :) Just send me an email when you want help on this subject. Kind regards, Atle Back to top Jean-Marie Babet Guest Posted: Thu Apr 12, 2007 10:10 pm    Post subject: Re: Neglected QC "SOAP Session Support in TSOAPDatamodule" r Thank you. I'll take a look at the code and contact you. In general what I need to know is how you think it would be best to release the change: #1 As an enhancement to the existing components #2 As new specialized versions of existing components #3 As wizard-enabled code. Often it's a combination of 1 & 3 or 2 & 3. If you have thoughts about these, do let me know. It will help me determine if this is a patch/update material or something that has to wait until a new release. Cheers, Bruneau. Back to top Atle Smelvær Guest Posted: Fri Apr 13, 2007 2:53 pm    Post subject: Re: Neglected QC "SOAP Session Support in TSOAPDatamodule" r Quote: I'll take a look at the code and contact you. In general what I need to know is how you think it would be best to release the change: #1 As an enhancement to the existing components #2 As new specialized versions of existing components #3 As wizard-enabled code. Often it's a combination of 1 & 3 or 2 & 3. This will have to be a combination of 1 & 3. Since activating session handling would fit nice into a new property on the clientside, and considering that the client only needs to keep a header and send it back, that would be an easy task. The server needs more adjustments, and also some adjustment on the wizard (add one extra "Session"choice in the radio list, and different code for that one). Just compare my sample with how the current wizard will create the initial code. But the changes will be easy to add without backward compatibility problems. You need a new local saving of header ID for each TSOAPDataModule, a hashlist that routes requests to the right TSOAPDataModule and some controlroutines for brute force and flood attacks. My sample contains everything except controlroutines for these two server attacks, but I might provide some sample there also if you want them. The easiest way to handle these attacks it to have a hashlist over IP adresses with sessioncount and invalidsessioncount on each, and a max count on each that time out after some time. Different timeout on sessioncount and invalidsessioncount, and different max values. I gues invalidsessioncount should normally be 2. IP adresses that create a new valid session inc sessioncount and IP adresses trying fake session count invalidsessioncount. Due to timeout, no bruteforce will work, and flood attacks will only create a max amount for that IP without affecting memory and other clients for that user. Attacks with fake IP is a different scenario though. Due to the usefulness of TSOAPDataModule in it's current state, I would rate this as a high priority on the TSOAPDataModule. Kind regards, Atle. Back to top Atle Smelvær Guest Posted: Fri Apr 13, 2007 3:04 pm    Post subject: Re: Neglected QC "SOAP Session Support in TSOAPDatamodule" r Quote: a max amount for that IP without affecting memory and other clients for that user. Attacks with fake IP is a different scenario though. Switch "user" with "server". -Atle Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         BorlandTalk.com Forum Index -> Delphi WebServices SOAP All times are GMT Page 1 of 1   Jump to: Select a forum C++ Builder Newsgroups----------------C++ BuilderC++ Builder (ActiveX)C++ Builder (Announcements)C++ Builder (Command Line Tools)C++ Builder DatabasesC++ Builder Databases (ADO)C++ Builder Databases (Desktop)C++ Builder Databases (InterBase Express)C++ Builder Databases (Multi-Tier)C++ Builder Databases (SQL Servers)C++ Builder (Graphics)C++ Builder (IDE)C++ Builder (Internet)C++ Builder (Internet Socket)C++ Builder (Internet Web)C++ Builder (Jobs)C++ Builder (Language)C++ Builder (Language C++)C++ Builder (Compatibility with MFC)C++ Builder (Native API)C++ Builder (Non-Technical)C++ Builder (Students)C++ Builder (Third Party Tools)C++ Builder (Upgrade)C++ Builder (VCL)C++ Builder (VCL Components Usage)C++ Builder (VCL Components Development)C++ Builder (VCL Usage)C++ Builder (WinAPI)C++ Builder Installation Delphi Newsgroups----------------Delphi (General)Delphi ActiveX Controls UsageDelphi ActiveX Controls DevelopmentDelphi As400Delphi DatabasesDelphi Databases (ADO)Delphi Databases (dbExpress)Delphi Databases (Desktop)Delphi Databases (InterBase Express)Delphi Databases (Multi-Tier)Delphi Databases (SQL Servers)Delphi DeploymentDelphi GraphicsDelphi IDEDelphi InternationalizationDelphi InternetDelphi Internet Isapi-WebBrokerDelphi Internet WebSnapDelphi Internet WinsockDelphi JobsDelphi Language BASMDelphi Language ObjectPascalDelphi Model Driven Architecture (General)Delphi Model Driven Architecture (Third Party)Delphi MultimediaDelphi Native APIDelphi Non-TechnicalDelphi ObjectPascalDelphi OLE AutomationDelphi OO designDelphi OpenToolsAPIDelphi Reporting-ChartingDelphi RTLDelphi StudentsDelphi TeamSourceDelphi Thirdparty ToolsDelphi Thirdparty Tools (General)Delphi Thirdparty Tools (IntraWeb)Delphi Thirdparty Tools (RaveReports)Delphi UpgradeDelphi VCLDelphi VCL ComponentsDelphi VCL Components UsingDelphi VCL Components WritingDelphi WebServices SOAPDelphi WinAPIDelphi XMLDelphi Installationcomp.lang.pascal.delphi.components.misccomp.lang.pascal.delphi.components.usagecomp.lang.pascal.delphi.components.writingcomp.lang.pascal.delphi.databasescomp.lang.pascal.delphi.misccomp.sources.delphi JBuilder Newsgroups----------------JBuilderJBuilder AnnouncementsJBuilder Applet IssuesJBuilder As400JBuilder CompilerJBuilder CORBA/RMIJBuilder DatabasesJBuilder DB SwingJBuilder DebuggerJBuilder DeploymentJBuilder DocumentationJBuilder EnterpriseJBuilder HandheldJBuilder IDEJBuilder JavaJBuilder JavaAPIJBuilder Java LanguageJBuilder Java SwingJBuilder Java BeansJBuilder Java Beans UsageJBuilder Java Beans DevelopmentJBuilder JBCLJBuilder JDataStoreJBuilder JobsJBuilder LinuxJBuilder MacintoshJBuilder & MobileSetJBuilder MultiLingual AppsJBuilder Non-TechnicalJBuilder OpenToolsJBuilder Servlets (JSP)JBuilder StudentsJBuilder Team DevelopmentJBuilder Thirdparty ToolsJBuilder UpgradeJBuilder Installation InterBase Newsgroups----------------InterBaseInterBase Bug DiscussionInterBase GeneralInterBase IBConsoleInterBase OpenSourceInterBase ReplicationInterBase SQLInterBase ThirdpartyInterBase Installation Miscellaneous Borland Newsgroups----------------AppCenterAppServerEnteraVisiBroker  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.