Skip to content

The RAD Studio XE8 Summer (Northern Hemisphere) and Winter (Southern Hemisphere) of Security!

The RAD Studio XE8 Summer (Northern Hemisphere) and Winter (Southern Hemisphere) of Security!The RAD Studio XE8 Summer/Winter of Security!

This blog post contains information and links covering secure development topics for Delphi, C++Builder and RAD Studio XE8 developers. You’ll find secure computing introductory topics and starting information for InterBase database, components, libraries, Backend as a Service (BaaS), Cloud, App Tethering and more. Throughout the Summer (or Winter if you live in the Southern Hemisphere), I’ll continue writing about secure topics and showing sample development projects. If you have specific secure development needs, send an email to davidi@embarcadero.com

Interbase – security at the database, column and over-the-wire levels.

InterBase® XE7 is a full-featured, high performance, encryptable, multiplatform and scalable relational database for developers who are looking to embed a low-cost, zero admin, lightweight secure database into their cross platform connected applications. With InterBase XE7 you get powerful access control, data change management, disaster recovery and journaling, as well as support for popular database drivers for increased deployment flexibility.

Data security is a hot topic! The loss of data via cyber attacks can lead to loss of customers and reputation, lead to regulatory action, and even expose you to large fines. InterBase is here to help with its flexible on-disk and over the wire encryption capabilities. InterBase also benefits from inbuilt user authentication and security in place wherever your data files reside. Choose to encrypt the entire database or just a critical table or column, and define who can decode that data with powerful role based authentication. InterBase supports both Advanced Encryption Standard (AES) and Data Encryption Standard (DES) encryption.

InterBase Encryption is supported starting with InterBase 2009. InterBase enables you to encrypt information at one or both of the following levels:

  • Database Level Encryption (InterBase encrypts all of the database pages that contain user information).
  • Column Level Encryption (Column-level encryption is more flexible and specific).

Using InterBase Database Encryption you can also encrypt Database Backup Files. For more information about encrypting your data with InterBase, see Data Definition Guide

Security is provided in the InterBase Server, InterBase Desktop and InterBase ToGo editons. To see additional features of each InterBase edition go to the InterBase product editions page at http://www.embarcadero.com/products/interbase/product-editions

Additional links and videos about InterBase database encryption can be found at:

Rise to the Data Security Challenge: Creating Secure Database Applications using InterBase – OnDemand Webinar -http://forms.embarcadero.com/InterBaseSecurityWebinar5-28

Why Database Encryption Matters: Is the NSA reading this? http://blogs.embarcadero.com/stephenball/2013/12/18/why-database-encryption-matters-is-the-nsa-reading-this/ 

 

EMS

EMS (Enterprise Mobility Services) offers a Mobile Enterprise Application Platform (MEAP) that you can host in the Cloud or on the premises, to expose custom REST APIs and enterprise database data. The enterprise data access is provided by the FireDAC data access library.

EMS offers a comprehensive solution including REST API, remote database access, users tracking, and analytics. Compared to a do-it-yourself model, in EMS you have a pre-build server with core capabilities in which you can plug custom packages.

You can create custom packages to expose datasets and plain REST resources, and easily embed the client code to access those resources in mobile and desktop applications.

http://docwiki.embarcadero.com/RADStudio/XE8/en/Enterprise_Mobility_Services

EMS Server Authorization allows you to authorize or deny access to a EMS Resource or a particular EMS Endpoint in an HTTP request. The authorization depends on the credentials used in the HTTP request to the EMS Server.

http://docwiki.embarcadero.com/RADStudio/XE8/en/EMS_Server_Authorization

EMS allows you to use external credentials in your custom plugins to execute login and signup operations in the EMS Server.

http://docwiki.embarcadero.com/RADStudio/XE8/en/EMS_External_Credentials_Support 

 

DataSnap

DataSnap is a RAD Studio XE8 technology for Delphi and C++Builder that allows the development of multi-tier applications, most notably multi-tier database applications. DataSnap offers the possibility to create Client-Server applications that communicate through the Internet, the local network, or the local host.

The main feature of DataSnap is the ability of the Client application to invoke methods that are implemented on a Server. DataSnap automatically generates the necessary interface for the Client to communicate with the Server, containing the prototypes of the Server methods.

DataSnap provides a way for the Client to safely communicate with the Server, using a secured transfer of JSON (JavaScript Object Notation) data content over TCP/IP, HTTP and HTTPS. The ability to define filters at both ends of the communication channel, for encryption and compression purposes, improves the security.

DataSnap provides Encyption filter support for data sent. You can choose PC1 or RSA - In case of using the PC1 encryption filter, the Properties property holds the Key value to use for the encryption. If using the RSA filter, the Properties property holds a list of three properties, UseGlobalKey, KeyLength, and KeyExponent.

Start with the DataSnap Server Wizard. DataSnap Server Wizard provides an easy way to implement a server application using the DataSnap technology. Regardless of the options you select, it creates a ServerContainerUnit that contains a TDSServer component. All the additional components are connected to the TDSServer, having the Server property set to the name of the TDSServer component. If the selected protocol is TCP/IP, the server unit also contains a TDSTCPServerTransport. If HTTP is selected as the communication protocol, the server unit contains a TDSHTTPService component. If HTTPS is selected, then the server unit will contain a TDSHTTPService component configured for HTTPS operations.

http://docwiki.embarcadero.com/RADStudio/XE8/en/DataSnap_Server_Wizard

Additional DataSnap documentation pages:

 

Cloud Application Development

Building cloud based applications also involves security, authentication, storage and more.  RAD Studio XE8 provides several interfaces to cloud systems using the Cloud API runtime libraries with support for Amazon AWS and Microsoft Azure.

http://docwiki.embarcadero.com/RADStudio/XE8/en/Developing_Cloud_Applications

We also provide component interface for Backend as a Service (BaaS) providers Parse, Kinvey, App42 (a separate free download). These BaaS services provide their own secure interfaces for developers for user and device authentication, storage and push notifications.  You can find additional information on their sites.

Sarina Dupont has a series of blog and tutorial posts showing you how to use BaaS providers. Use the following community blog post and tags to find the articles:

 

App Tethering

The RTL provides app tethering components, giving your applications the ability to interact with other applications running either on the same machine or on a remote machine.

Using app tethering, your applications can easily:

The app tethering feature does not depend on a specific transport or protocol, and new transports and protocols can be implemented using the app tethering API. The RTL provides built-in support for IP and Classic Bluetooth connections. IP support includes connecting applications running on the same device.

You’ll find a wide range of App Tethering documentation and tutorials on the Embarcadero DocWiki:

 

HTTP/HTTPS

 

RAD Studio XE8 supports using the Native HTTP libraries on multiple devices.

http://docwiki.embarcadero.com/RADStudio/XE8/en/Using_an_HTTP_Client, http://docwiki.embarcadero.com/Libraries/XE8/en/System.Net.HttpClientComponent

You can also use OpenSSL with your secure applications. http://docwiki.embarcadero.com/RADStudio/XE8/en/OpenSSL, https://www.openssl.org/

 

TurboPower LockBox

TurboPower LockBox 2 (Win32, Win64, Android, OSX) and LockBox 3.5.2 (Windows, Android, OSX) cryptography libraries/components. You can download and install the latest releases for RAD Studio XE8 using GetIt  (Tools | GetIt) menu item in the IDE:

  

Secure C Library

The foremost reason why Secure C Library came into existence was the need for bounds checking for string handling functions in the C Library. There are many functions in the C Library that expect the caller to supply string parameters long enough to hold the result of the operations. When a larger string is written "over" a smaller string, in fact data is written past the end, overwriting other program data. This can lead to "mysterious" failures, as the program has no means of knowing if or when something went wrong.

A typical solution was to try to use strings that were "big enough" but this could lead to two problems: either the result was a waste of space, or the user’s "big enough" was not big enough in practice. In addition, buffer overflows can be exploited in order to run harmful code, compromising the security of operating systems and networks.

For many C Run-time Library functions, the Secure C Library introduces extra parameters that are used for bounds checking of character arrays, and data is never written past the end of an array. Besides that, it introduces run-time constraints and the means for the user to set his own run-time violation handling functions. Doing so, the program can know when and where something goes wrong with a character array and can fix the error, or fail gracefully.

http://docwiki.embarcadero.com/RADStudio/XE8/en/Secure_C_Library

 

Windows CryptoAPI

You can always call Windows SDK functionality even if we have not wrapped the API in our RTL or components. Here is the Microsoft SDK URL for CryptoAPI –

Cryptography - https://msdn.microsoft.com/en-us/library/windows/desktop/aa380255(v=vs.85).aspx

Cryptography API - https://msdn.microsoft.com/en-us/library/ms867086.aspx

 

IP*Works! By /n software

Internet components that are provided as part of the RAD Studio XE8 Registered User Downloads.

The full version of /n software’s IP*Works components - A comprehensive suite of components for Internet communications including more than 40 individual components covering every major Internet Protocol. IP*Works! eliminates the complexity of Internet development, providing easy-to-use, programmable components that facilitate tasks such as sending email, transferring files, managing networks, browsing the web, and consuming web services.

You can then purchase their addon packs for SSL, SSH and more at

Registered user download links:

 

Project Indy Internet Components

Project Indy includes a range of components for RAD Studio XE8 supporting a wide range of Internet protocols, clients, servers and more. You can find additional information on our DocWiki about the components and how to secure Indy based network connections:

 

I will be covering additional RAD Studio XE8 secure development topics throughout the summer. Stay tuned for demos and articles on the above topics as well as secure development for REST, SOAP and other web based architectures.

Have a great Summer or Winter depending on which hemisphere you live it :D

 

RAD Studio XE8 runs on the latest Windows 10 Insider Preview Build 10158

RAD Studio XE8 (Original Release and Subscription Update 1 versions) runs on the latest Windows 10 Insider Preview Build 10158. The Update/Install, on my MacBook Pro running Parallels for the Mac Desktop, took a while, at least 15 minutes time (but I did not run a clock as I was working on other computers at the same time).  There were several reboots in the process. So, you’ll want to “Sit back and relax” according to the Microsoft Upgrading Windows screen.

I tested the already installed RAD Studio XE8, the IDE launches without a problem. I built "One Button" apps for VCL and FMX, ran without a problem. I tried a few sample of the sample apps and used the Windows 10 style – all good too. InterBase XE7 64-bit developer server– runs as a service with no issues.

I used GetIt (Tools | GetIt) to download the Delphi Windows RT library. Grabbed Marco’s sample app from his dropbox link. Build the sample – Notification works.  Note: Microsoft has renamed the "Notification Center" as the “Action Center” even though when you hover over the toolbar icon – it still reports “New Notifications Available”. Read Marco’s blog post at http://community.embarcadero.com/index.php/blogs/entry/windows-10-notifications-from-a-vcl-app-with-the-winrt-api for additonal information and the link to the sample app (https://dl.dropboxusercontent.com/u/133855/WinRTCheck.zip).

A final note - in Windows 10 build 10158, Microsoft Edge now has a graphically stylized lower case “e” for its icon on the toolbar :D

 

The question is: Will the latest Xcode (6.3.2) work with Delphi XE8 Update 1?

I received an email just now from another David, saying "I haven’t found this information on your website…The question is: Will the latest Xcode (6.3.2) work with Delphi XE8 Update 1?". I have installed RAD Studio XE8 Subscription Update 1, installed the updated PAServer on my Mac to match the IDE, and I have Xcode version 6.3.2 running on my Mac. I am running iOS 8.3 on my iPhone 6 and iPad Air 2. To answer David (I also replied to his email): All is good with my development, testing and deployment of iOS and OSX apps.

Here are the screen grabs of my about boxes for both tools:

RAD Studio XE8 Subscription Update 1 about box

Xcode 6.3.2 about box

My guidance to developers is always, when you learn that there is a platform update, stay tuned to our blogs and wait until you hear from us that it is safe to go in the water before installing updates to the underlying platforms and devices we are using and targeting.  We give general platform version guidance at "Supported Target Platforms" pages (and links to specific target platforms) at http://docwiki.embarcadero.com/RADStudio/XE8/en/Supported_Target_Platforms.

I will work with our team to create a single spot where we can always update the version number dependencies and support we have, especially given that the platform vendors are making impactful changes these days even in what would normally be considered minor updates.  Stay tuned for a permanent URL.

 

What’s new and fixed in RAD Studio, Delphi and C++Builder XE8 Subscription Update 1

Two articles on our DocWiki and Community site provide the details about what is new and fixed in the recently released RAD Studio, Delphi and C++Builder XE8 Subscription Update 1. The update is available via the registered user downloads are (both in ISO and Web install versions). You can tell if you have Update Subscription by using the Help | License Manager menu item.  Select your registered XE8 release and look in the center panel of the License Manager window and you will see the following text - "Is Subscription: Yes" .

For my RAD Studio XE8 original release, my License Manager displays the following (serial # edited out):

Title:  RAD Studio XE8 Architect Named User
License file name:  .8216_52.1427845488219.slip
Trial license:  No
License Expiration Date:  3/1/2016
Days Left:  256
Is Subscription: Yes
Subscription Expiration Date: xx/xx/xxxx
License Type:  Workstation
Serial number:  xxxx-xxxxxx-xxxxxx-xxxx
Registered:  Yes
Platform:  Windows
Commercial use:  Yes

Before you install XE8 Subscription Update 1, you need to uninstall the original XE8 release. You can choose to keep your registry settings so that your known packages and IDE settings will be kept when you do the update 1 install.

What’s new in Delphi and C++Builder XE8 Subscription Update 1 - http://docwiki.embarcadero.com/RADStudio/XE8/en/What%27s_New_in_Delphi_and_C%2B%2BBuilder_XE8#What.27s_New_in_XE8_Subscription_Update_1

Subscription Update 1 Fix List for RAD Studio XE8, Delphi XE8, and C++ Builder XE8 - http://edn.embarcadero.com/article/44470

Thirty Years working with these programming tools - Today, June 17, 2015

Eating a wonderful cake this afternoon in Scotts Valley to celebrate my 30 years working with developers and these development tools. So many memories and so much fun programming, building tools, visiting with customers and working with the great teams here at Embarcadero Technologies. The apps we can build today are so far beyond what we could do back when I started at Borland. I met Philippe Kahn at Comdex Las Vegas, November 1983 where he gave me 8" CPM/80 and 5.25" PC-DOS copies of Turbo Pascal version 1.0. I immediately popped the DOS disk into my IBM PC and was hooked. After a job interview on Philipe’s sailboat in Monterey Bay in the Spring of 1985, I was offered a job at Borland and started on Monday, June 17, 1985.

Thank you so much PK for that start. Thank you to the tens of thousands of employees and alumni that I have had the priviledge to work with here in Scotts Valley and around the world. Thank you to Wayne Williams and Michael Swindell for continuing to allow me to help our customers.

I am still having so much fun, still learning how to program for new platforms and devices, still writing code after all these years. I am loving it every day.

Huge hugs, thanks and much love to my wife Martha and our three girls Gina, Molly and Emily for allowing me to have this job and this much fun!

The technical fun and innovation never stops! It’s amazing what our developers are working on for the future. My advice for a long, happy programming career? Keep writing code every day and enjoy every minute of life with your family, friends and computers :D

 

RAD in Action: Windows 10 is Coming Soon, Get Ready Now with RAD Studio XE8 - resource links

Our "RAD in Action: Windows 10 is Coming Soon: Get Ready Now with RAD Studio XE8" webinar is today, Wednesday, June 17, 2015. This blog post contains the links to additional resources that we mentioned during the webinar. The presentation team includes: David Intersimone “David I” – Embarcadero Chief Evangelist, John (JT) Thomas – Senior Director Product Management, Developer Tools, Pete Brown, Microsoft Technical Evangelist, Marco Cantu – Embarcadero Senior Product Manager, and Jim McKeeth – Embarcadero Lead Worldwide Evangelist/Engineer.

Thank you to all the developers who joined us today!

Cool, New Virtual Piano Keyboard Delphi component

We have a new Embarcadero Technology Partner, Maestro Music Software, creators of the Virtual Piano Keyboard component for Delphi. This is so cool to play with.

Some text from their web site - http://musicomponents.com/

Virtual Piano Keyboard is a high-quality Delphi component that allows developers of music and multimedia software for implementing functions of keyboard instruments like pianos and synthesizers.

Virtual Piano Keyboard will become the core part of your programs, contributing to their success and popularity. You can easily and seamlessly integrate Virtual Piano Keyboard into a variety of teaching, gaming, professional, music and multimedia projects.

 

Maestro Music Software is showing us all how to create wonderful and useful components. I hope we see additional music components. Imagine being able to build your own band using components and a timeline. I’m often asked about Midi components as well.

Imagine the possibilities! Keep up the great work guys :D

 

IoT in Action: Building a Modern Healthcare Application - Webinar resources and links

On Wednesday, May 20, 2015 I am presenting a webinar titled "IoT in Action: Building a Modern Healthcare Application". The webinar presents the development of connected, multi-device solutions for the healthcare industry, using Beacons and Bluetooth LE devices. During this session, David Intersimone, Vice President of Developer Relations and Chief Evangelist at Embarcadero, demonstrates how developers can use RAD Studio XE8, which supports Proximity Beacons and Enterprise Mobility Services Push Notifications, to build a modern medical application solution for a hospital or doctor’s office.

IoT in Action: Building a Modern Medical Application for a Hospital or Doctor’s Office

Digital devices are proliferating inside medical offices and hospitals, and Bluetooth wearables are being used to capture biometric information. These devices, which are part of the IoT landscape, are providing higher levels of patient monitoring, medical office productivity, and patient information management. Recognizing the potential of these connected devices to transform the everyday experience of visiting a healthcare provider, this webinar will give developers a first hand look into:

  • RAD Studio XE8 connected app development for Windows, OS X, iOS, Android and the Internet of Things
  • FireUI and VCL application development for desktop, smartphone, and tablet devices
  • Proximity-based application development using the new TBeacon component supporting the use of iBeacon and AltBeacon
  • Bluetooth LE development for state-of-the-art medical devices including Heart Rate Monitors, Digital Weight Scales, and more
  • Enterprise Mobility Services (EMS) support for Apple Push Notification Service (APNS) and Google Cloud Messaging (GCM)

Webinar Resource Links

The following are links to additional information used in the Webinar:

I will also upload the slides after the webinar is completed and provide a link here.

Today’s RAD Studio XE8 Live Online Deep Dive Workshop - Agenda/Times

RAD Studio XE8 Deep-Dive Online Workshop, Saturday, May 16, 2015 - 8:00am -1:00pm Pacific / 11:00am-4:00pm Eastern

Discover more about how to:

  • Make the most of your VCL Windows applications in a connected world
  • Move existing code up to new levels of scalability, performance and integration
  • Extend existing code and build new apps to embrace mobile, new devices and Internet of Things
  • Utilize high-performance, easy-to-use, enterprise database connectivity
  • Embrace the latest compilers and toolchains
  • Be the most productive you have ever been – for Windows and beyond!
  • …and much more!

Join us for all the technical developer fun - http://forms.embarcadero.com/RADXE8DeepDiveWebinar?cid=701G0000000tKTx

The Workshop Agenda

Start Time Duration Topic Presenter(s)
8:00 5 Intro and Agenda David I
8:05 10 NEW! iOS64bit – OP and C++ David I
8:15 5 NEW! GetIt Package Manager: Access and install from the cloud, popular VCL and FMX source code libraries, components and tools like AsyncPro and Power PDF right from within the IDE. Get the updated TurboPack for free! David I
8:20 5 NEW! MapView component for iOS/Android David I
8:25 10 FireUI multi-device designer and NEW! Multi-device preview + TWebBrowser JimM
8:35 5 NEW! IDE Settings Migration JimM
8:40 5 XE8 Premium Styles – VCL and FMX Al
8:45 5 NEW! Box2D - A 2D physics engine for your VCL and FMX applications Al
8:50 20 ENHANCED! App Tethering: Now it’s easier than ever to extend your VCL and FMX desktop application UI, data and control to mobile and wearables via WiFi, ethernet or Bluetooth now with hooks for data Al
9:10 10 Break #1 BREAK
9:20 20 NEW! More than 20 New IDE Features for Coding Productivity: Code faster and more efficiently with new refactorings, multi-paste support, clipboard history, parenthesis matching, Smart Keys, Code Navigation Toolbar, project statistics and more. JimM
9:40 10 NEW! AppAnalytics: Finally understand exactly how your customers use your VCL or FMX app. Simply add the TAppAnalytics component and get instant access to application usage statistics through your cloud dashboard. David I
9:50 20 RECENTLY ADDED! Easily Add Parallel Processing to Your New and Existing VCL/FMX OP and C++ Apps: Delivering 2x to 8x performance gains on Multi-Core systems. David I & JimM
10:10 30 NEW! Unit Testing: It’s has never been easier or more complete with the new integrated DUnitX testing framework Nick Hodges
10:40 10 Break #2 BREAK
10:50 5 NEW! Native Platform HTTP/S VCL/FMX Support for Windows, Mac, iOS and Android: Makes must-have secure connections a snap. Al
10:55 25 ENHANCED! FireDAC: The best DAC gets better with Updates Management, dbExpress migration, SQLite encryption, InterBase XE7 Change Views. Stephen
11:20 10 Devices – BluetoothLE support (VCL via Win8.1, FMX) JimM
11:30 15 NEW! IoT, Beacons and More: Easily add IoT gadgets and sensors, like proximity beacons, into your existing Windows VCL and FMX apps. JimM
11:45 10 ENHANCED! Parse/Kinvey MBaaS Cloud Services: Easily power your VCL and FMX desktop and mobile application backend infrastructure in the cloud with user management, push notifications, data storage and more. David I
11:55 30 ENHANCED! EMS (Enterprise Mobility Services): Easily integrate your applications to your enterprise and to the world with Push Notifications, REST API publishing, external credentials, database connection pooling, client API component, new administrative app and more. Al
12:25 15 Deep Dive into a Modern Healthcare Application that uses EMS, InterBase XE7, smartphones, tablets, devices and proximity beacons David I
12:40 20 Summary and Final Q&A Everyone
13:00 300 Minutes  

RAD Studio XE8 this week: Wednesday Lunch & Learn and Saturday Deep Dive

RAD Studio XE8: Wednesday Lunch & Learn and Saturday Deep Dive

Don’t miss this chance to join David I for one of these FREE technical online workshops and be among the first to see the latest RAD Studio XE8!

Lunch & Learn Webinars
Bring your own lunch at your office for a 
2-hour Lunch & Learn session.
Deep-Dive Online Workshop
Attend a special 5-hour Deep Dive with David I, Jim McKeeth, Al Mannarino and Nick Hodges
Wednesday, May 13, 2015
9am PDT / 12pm EDT
12pm PDT / 3pm EDT
Saturday, May 16, 2015
8am-1pm PDT / 11am-4pm EDT

Learn about the new features and benefits of using Embarcadero’s RAD Studio XE8 and Appmethod for cross-platform app development. Build apps using a single-source codebase (either Object Pascal or C++) that compiles down to native executables for Windows, Mac OS X, Apple iOS, and Android, including universal binaries for iOS (both ARMV7 and ARM64).

Discover more about how to: 

  • Make the most of your VCL Windows applications in a connected world
  • Move existing code up to new levels of scalability, performance and integration
  • Extend existing code and build new apps to embrace mobile, new devices and Internet of Things
  • Utilize high-performance, easy-to-use, enterprise database connectivity
  • Embrace the latest compilers and toolchains
  • Be the most productive you have ever been – for Windows and beyond!

…and much more!

The workshop will include detailed technical demonstrations and live Q&A. Saturday’s session will include a Deep Dive into a Digital Medical Technology application that uses devices and proximity beacons.

Register today and download a copy of RAD Studio XE8 in advance to follow along.

Bad Behavior has blocked 4 access attempts in the last 7 days.

Close