You can use Embarcadero Technologies‘ RAD Studio 2010, Delphi 2010, C++Builder 2010, and Delphi Prism 2010 to build lightning-fast, rich native Windows, .NET, Web, and database applications. You can also decide to use the new DataSnap 2010 technology to build distributed applications with separate desktop or web clients, middle tier business logic application servers, and back end database servers. Bob Swart (aka Dr.Bob an IT consultant, developer, reseller, author, trainer and webmaster for his company Bob Swart Training & Consultancy - eBob42 - based in Helmond, The Netherlands) takes you from start to finish building DataSnap multi-tier applications.
Key new features in RAD Studio 2010 include:
- NEW! Cutting-edge support for touch- and gesture-enabling your apps on any Windows OS, including Windows 7
- NEW! IDE Insight for instant access to any feature, setting, or component
- ENHANCED! Support for the latest databases with DataSnap™ and dbExpress™
- NEW! Support for Firebird database!
- NEW! Over 120 developer-focused IDE enhancements
- and more
Your data, where you want, how you want it - watch the videos, read the paper!
Let Bob Swart ("Dr Bob") take you from the start with building DataSnap servers and clients on Windows, right through how to use filters, callbacks and build Web targets. Click http://www.embarcadero-info.com/in_action/radstudio/db.html to download his white paper and watch his new videos.
Please register to download the white paper at http://www.embarcadero-info.com/in_action/radstudio/db.html
White Paper: Delphi 2010 DataSnap: Your data – where you want, how you want it.
Table of contents
- DataSnap History
- DataSnap Windows Targets
- DataSnap and Databases
- DataSnap Filters
- DataSnap Web Targets
- HTTP(S) and Authentication
- REST and JSON
- DataSnap and .NET
- Summary
Ways to stay connected and up to date with Embarcadero
- Follow Us! Embarcadero on Twitter - http://twitter.com/EmbarcaderoTech
- Watch Us! Videos on YouTube - http://www.youtube.com/embarcaderotechnet
- Network with Us! Embarcadero on LinkedIn - http://www.linkedin.com/companies/embarcadero-technologies
- Take Part! Embarcadero Events - http://www.embarcadero.com/news/events.php
- The Blogosphere! Embarcadero employee blogs - http://blogs.embarcadero.com/
- Talk Shop! Embarcadero Discussion Forums - https://forums.embarcadero.com/index.jspa
{ 6 } Comments
"Security is no longer optional" - with DataSnap 2010 filters, you can easily create encryption filters, call Windows Crypto API, or use another encryption library. InterBase 2009 supports encryption at many levels in the database layer. Finally, you can also use HTTPS if you have a certificate for your Web Server.
The Filters for DataSnap 2010 were provided for just the security level you mention.
"Your data, where you want, how you want it ". Your right. Or better, "Your data, where anybody wants, how anybody wants it" Because there’s no security built-in, your data are easily readable by anyone and anyone can call into your server or tamper your data. More "distributed" than this is really hard to have. And don’t start with the "you can filter data" refrain - it is not enough to protect the data exchange properly, unless much more code is written (and called) before even to send the first datum. And still there would be issues.
I understand you need to sell your actual product, but next time try to think about the *real* world before designing a solution. Security is no longer optional.
Thanks, David (and Bob).
I’m glad to see DataSnap getting some love and appreciate seeing documentation and tutorials to help make these more accessible. Keep up the good work.
Luigi you really need to study DataSnap 2010. I recommend you to watch the CodeRage videos about DataSnap.
"anyone can call into your server or tamper your data"
This is not true, there is a HTTPAuthentication on the server side, so you have the control on the server side to allow or not the access for the server methods.
Also, the HTTP protocol has control of the session, so you can define a timeout, control sessions, implement load balance, failover, etc.
Also, the filters is a important part of the security layer, where you can add any filter you wanna, in other worlds OPEN ARCHITECTURE
DataSnap simplify a lot the security implementation, and also allow you to use other security layers like firewall, proxy, database encryption, etc.
1) HTTP authentication works if and only if you use HTTP. That’s not always the best solution, especially since HTTP is a stateless unidirection protocol. And what kind of HTTP authentication do you support?
2) If you have authentication, do you have authorization? Once a user is authenticated, how do you control which code he can call? Is each method call authenticaded and authorized, if needed? Sessions can be hijacked and redirected. Can filter be used to know which method is called by who, and return an error if the user has not enough rights? Have you a way to impersonate the security context of the caller on the server side, so his rights are checked while accessing other resources, especially using plain TCP/IP? Does the call dispatcher has hooks to control this?
Different users may have different rights. And this implementation can’t use any directory service to simplify user and rights management. Again, something to implement from scratch.
3) HTTP by itself does not implement nor failover nor loadbalace. If you tell me that IIS has way to implement them is another thing - but they are just at the HTTP transport layer and have no knowledge of what’s above.
4) I really wonder that people there are unable to understand your filter architecture is just a stopgap and unable to provide a way to implement real security. Please show me how do you implement the handshaking phase (exchanging session keys and the like) using filters. It coudl require several roundtrips to establish the security context.
Oh yes, I can write my handshaking methods, but it wouldn’t be as transparent as it should - each connection must perform the handshake calling the custom code.
5) "DataSnap simplify a lot the security implementation". Yes, it simplify everything up to the point there no security built-in.
6) "allow you to use other security layers like firewall, proxy, database encryption" I wish you could show how it could not allow them… given they are completely separate.
7) And above all: why should I spend a thousand euro more to buy a half backed solution and implement most of the security code myself? Both DCOM and WCF offer all above out of the box, and often transparently.
Quality problem with delphi error from 30/10/2006 REF:35900
Hallo
The problem is that dbexpress thinks that this sentence
select * from databasex::tablex where fieldx=:parameter1
Says that databasex::tablex is a parameter but this is a supported language feature of informix where I can select a table from other database that is running in the same informix server
Example :
You have two BD`s one is named PEX with the table TABLE1 and the other is named GCOMERCIAL with the table TABLE2
If you connect to PEX and you try to execute this select:
select * from GCOMERCIAL::TABLE2
You get one error because dbexpress thinks that GCOMERCIAL::TABLE2 is a parameter
The correct form is that after preprocess of the sentence
select * from databasex::tablex where fieldx=:parameter1
results in :
select * from databasex:tablex where fieldx=?
I was debugging and found that if I change:
I have modified SqlExpr.pas to support this but now i haven t support to create parameters automatically readed from sql sentences . I have to create them manually.
and this only functions with selects using Open not with ExecSql
procedure TSQLQuery.QueryChanged(Sender: TObject);
begin
if not (csReading in ComponentState) then
begin
Close;
SetPrepared(False);
if ParamCheck or (csDesigning in ComponentState) then
begin
FCommandText := SQL.Text;
FText := FCommandText;
SetParamsFromSQL(nil, False);
// start of change
FText:=FNativeCommand;
// end of change
end
else
FText := SQL.Text;
DataEvent(dePropertyChange, 0);
end
else
FText := FParams.ParseSQL(SQL.Text, False);
SetFCommandText(FText);
end;
And I still can’t execute sentences UPDATE INSERT or DELETE
Example
Update GCOMERCIAL::TABLE2 set field1="A"
Only we can execute if we use Paramcheck:=False and change the sentence to
Update GCOMERCIAL:TABLE2 set field1="A"
I get an error .
I’m having a lot of problem because we have a lot of legacy code from delphi5 migrated to Delphi 2006 and we have to change this , but
Sometimes we need use in the same sentence a DATABASE ALIAS and parameters
For we is a very very big problem
We have bugs in our applications every day for this problem because we need share data logic between differents versions of delphi
Delphi 7, Delphi 2006 Win 32 and Delphi 2006 Dotnet
Thanks in advance for your help
P.D. To test this you need an informix server with two databases
Post a Comment