Hi Arnaud, I tested it today and it seems to be secure now, I could not use the deleted Cookie any more.
I have the same observation
Hi Arnaud,
I try to get the RemoteIP in the MVC Server.
I set RemoteIPServer either to X-Real-IP or X-Forwarded-For.
But how can I access/request the RemoteIP from a function in the MVC-Server?
I tried it this way:
  function TMyMVCApplication.GetCallerIPAdresse: RawUtf8;
  begin
    // 'RemoteIP:' header, filled by the server from the configured X-Real-IP / X-Forwarded-For header
    Result := FindIniNameValue(pointer(ServiceRunningContext.Request.Call.InHead), 'REMOTEIP: ');
    if Length(Result) = 0 then
      // fall back to the socket peer address, then to localhost
      Result := ServiceRunningContext.Request.Call.LowLevelRemoteIP;
    if Length(Result) = 0 then
      Result := '127.0.0.1';
  end;
But RemoteIP is empty.
Thank you
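Added example (Python, not mORMot's code) of the point behind a caller-IP lookup like the one above: a forwarded-IP header may only be believed when the socket peer is one of your own reverse proxies, otherwise any client can write whatever it likes into X-Forwarded-For. The TRUSTED_PROXIES list, the header sample and the function names are constructed assumptions; it goes a little beyond the post by also walking a multi-hop header.

```python
import ipaddress

# Assumption (constructed): the reverse proxies allowed to set the forwarded-IP header.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.1/32")]

def _is_trusted(ip) -> bool:
    return any(ip in net for net in TRUSTED_PROXIES)

def _parse_headers(in_head: str) -> dict:
    """Parse CRLF-separated 'Name: value' lines (the shape of InHead) into a lowercase-keyed dict."""
    headers = {}
    for line in in_head.split("\r\n"):
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def caller_ip(in_head: str, low_level_remote_ip: str, header: str = "X-Forwarded-For") -> str:
    """Return the client address: the socket peer, unless that peer is a trusted proxy that forwarded it."""
    try:
        peer = ipaddress.ip_address(low_level_remote_ip)
    except ValueError:
        return "127.0.0.1"  # no usable socket address: the post's own fallback value
    if not _is_trusted(peer):
        return str(peer)  # anyone can send X-Forwarded-For; only a trusted hop may vouch for it
    value = _parse_headers(in_head).get(header.lower(), "")
    # The header reads "client, proxy1, proxy2": walk from the right past our own proxies and
    # stop at the first address we did not add ourselves, which is the real client.
    for candidate in reversed([c.strip() for c in value.split(",") if c.strip()]):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            break  # malformed entry: do not trust anything to its left
        if not _is_trusted(ip):
            return str(ip)
    return str(peer)  # header absent or only proxy addresses: report the proxy itself
```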
I was just looking for a reason why the Log Files behave the described way.
The Problem is, if the BUG occurs, the Service seems to hang for the connected clients.
Hi Arnaud, today we had this Problem again, also consuming a lot of CPU cycles in the service with the Log problem.
I found out that on the server running the logs, Microsoft Defender was scanning the logs.
Is this a possible reason for the Problem?
I deactivated the Defender scan for our Log/Service directories.
I will report if the Problem has gone or not.
Yes, Timeout is set to 240min.
In MySQL we increased the number of allowed connections, maybe there is an option in PostgreSQL.
Hi Arnaud, a Pentester has tested our MVC Server!
He found this vulnerability:
He saved the Session Cookie on the client side. Logged out from the Server (on the Server CurrentSession.Finalize is called and the client Cookie removed).
But after this he used the saved Cookie to call MVC pages.
The Cookie is still valid.
Do you know a simple way to invalidate such cookies?
We create Session Cookies after the Login function with CurrentSession.Initialize and check them with CurrentSession.CheckAndRetrieve.
Thank you
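Added example (Python, not mORMot's code) of why the pentester's replay works and how a server-side session registry stops it: a cookie whose only protection is a signature and an expiry stays valid until it expires, whatever the client did at logout, so the server must also keep a list of sessions it still accepts and drop the entry on logout. SessionStore with initialize / check_and_retrieve / finalize are names I chose to mirror the CurrentSession calls in the post, and SECRET_KEY is a constructed value.

```python
import base64, hashlib, hmac, json, secrets

# Assumption (constructed for this example): the server-side secret used to sign cookies.
SECRET_KEY = b"demo-secret-do-not-use-in-production"

def _sign(data: bytes) -> str:
    return base64.urlsafe_b64encode(hmac.new(SECRET_KEY, data, hashlib.sha256).digest()).decode()

def _decode(cookie: str, now: float):
    """Stateless check only: valid signature and not yet expired. Returns the payload or None."""
    try:
        raw, sig = cookie.rsplit(".", 1)
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(raw.encode())):
        return None
    payload = json.loads(base64.urlsafe_b64decode(raw.encode()))
    return payload if payload["exp"] > now else None

def stateless_is_valid(cookie: str, now: float) -> bool:
    """A purely signed cookie stays 'valid' until its exp, no matter what happened at logout."""
    return _decode(cookie, now) is not None

class SessionStore:
    """Server-side registry of open sessions, keyed by session id (sid)."""
    def __init__(self):
        self._active = {}  # sid -> expiry timestamp

    def initialize(self, user: str, ttl: int, now: float) -> str:
        """Login: issue a signed cookie and remember its sid on the server."""
        sid = secrets.token_hex(16)
        body = {"sid": sid, "user": user, "exp": int(now + ttl)}
        raw = base64.urlsafe_b64encode(json.dumps(body, separators=(",", ":")).encode()).decode()
        self._active[sid] = body["exp"]
        return f"{raw}.{_sign(raw.encode())}"

    def check_and_retrieve(self, cookie: str, now: float):
        """Signature, expiry AND server-side registration must all hold; returns the user or None."""
        payload = _decode(cookie, now)
        if payload is None or self._active.get(payload["sid"], 0) <= now:
            return None
        return payload["user"]

    def finalize(self, cookie: str, now: float) -> bool:
        """Logout: drop the sid so a saved copy of the cookie is refused from now on."""
        payload = _decode(cookie, now)
        revoked = payload is not None and self._active.pop(payload["sid"], None) is not None
        # housekeeping: forget expired entries so the registry cannot grow without bound
        self._active = {s: e for s, e in self._active.items() if e > now}
        return revoked
```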
Maybe it's better to use TObject instead of record, then null in val should be possible.
Hi Arnaud, I'm back from holiday, did you change something I can test?
atm we switched back to the standard server implementation.
Hi Arnaud, yes I think Daniel has another problem.
I sent you new Logs today with low level logs.
And yes, my Problem is primarily with big data packets (exact size unknown) but it's reproducible in different client server scenarios.
Hi Arnaud, I checked all of this:
What do you call "request timeout"?
Is it a HTTP_TIMEOUT = 408 error code?
Yes
On server side:
Is it visible on the server side, via TRestServerUriContext.ExecuteCommand() as TimeOut method - i.e. InternalLog('TimeOut %.Execute(%) after % ms' ?
No, on the Server side I can see nothing.
Do you use the HeaderRetrieveAbortDelay option?
No
On client side:
It may come from a long SockReceivePending()=cspNoData line 2373 of THttpClientSocket from mormot.net.client.
Is it the case?
I don't know, I will add DoLog to OnLog.
And the Connection is still alive - the Server is responding to other clients.
The Client is sending the next Request if I start any.
The only thing I observed is that the Packet is "bigger", let's say 600KB to 2MB.
@AB yes, it's a 408 error. I made a documented client / Server / Log and sent it to you also.
Hi Arnaud, this topic is not very easy, but I can not find the reason.
Using an m2 TRestHttpServer with WEBSOCKETS_DEFAULT_MODE and TRestHttpClientSocket only http connection,
we get unexpected request timeouts on the client side.
In the Log we can see the timestamps of the request to the server, auth, instance and contract request.
But then using one of the interface functions sometimes gives "request timeout".
On the Server side we can see everything as normal, but if a request times out nothing is in the log on the server side.
We checked firewall / content filter, there should be nothing.
Do you have any idea what else we can check / enable any extra log or so?
Now I have ported Boilerplate to m2, just to let it run.
I think your Code is Work in Progress!
The whole thing is very big so I understand that other things are more important.
Hi Arnaud,
I would like to make the http Server more secure and would like to add these Options:
X-Frame-Options
Content-Security-Policy
Permissions-Policy
Cross-Origin-Embedder-Policy
Cross-Origin-Resource-Policy
Cross-Origin-Opener-Policy
I saw in mormot.net.http.pas some Options like in Boilerplate, but no implementation. Is it missing?
Hi Arnaud, sounds good, is there an example of mutual Authentication available?
One other question in this context, is it possible to encrypt the traffic from a client with the syncrossplatform client to an m2 server without using ssl,
as ssl can be compromised with man in the middle attacks?
Hi Arnaud, we are asked to set the secure Attribute for cookies, is this possible with m2 and how?
ty
Sorry, it's
500*1024
or
1000*1024
In this case it's 1000M but I get the same with 500M.
The Content of the Log is nearly the same, just some lines added from file to file.
Hi Arnaud, here are some screens from the Logs, maybe you understand now what I mean.
I think there is a Problem in TSynLog.PerformRotation, maybe the File can not be deleted or something else.
Hi Arnaud, what do you mean?
You need more details?
The Problem occurs not very often!
Hi Arnaud,
today we had this Problem:
  TSynLog.Family.RotateFileCount := 100
  TSynLog.Family.RotateFileSizeKB := 500MB
  TSynLog.Family.RotateFileDailyAtHour := 23
  LogSize : 946MB
And 100 Files were created, each containing the Log with some few lines added.
It seems that the Log is not truncated / deleted after creating the synlz,
so that every synlz contains the Log beginning at the same Line but extended with some newly added rows.
After restarting the Service everything runs as expected.
Any Idea?
Ty for your answer, I understand that the client should not wait long for answers.
Hi Arnaud, i found this topic: https://synopse.info/forum/viewtopic.php?id=6249
and have a similar problem.
On the Client Side I prepare a lot of Data, let's say 50000 Records.
I pass them as an array of Records through a SOA Function.
The Server needs 10min to work on these records,
so I have to set my Timeouts > 10min (Send/Receive/Connect),
else a retry will occur and send the Records again.
As you wrote in the topic, the server should only use ms to answer.
What will be the best approach to realise this big task?
Should I implement my own thread handling it and send notifications during processing to the client?
Also as in the topic, debugging is annoying with the retry.
What is the reason to retry the sending of data? Should this not be handled in the SOA Call?
Good Tip, thank you very much.
Hi Arnaud, today I had a little bit of time to fix the Problem.
In my Code I had lots of
  TSynLog.Add.Log(sllEnter, .... (used in a Class Procedure)
But there is no automatically generated sllLeave.
LogView uses a recursive function, ComputeProperTime, to calc the times.
This was called too often.
I made two things:
1. I increased the Stack Size of LogView with the Compiler Switch: {$M 16384,4194304}
2. I changed the sllEnter to sllDebug
How can I use sllEnter in class functions/procedures to get the runtime?
Should I manually add sllLeave?
Just to end this Ticket, with the OPENSSL Version the Connection could be established.
One Thing: if I copy only the first dll (libcrypto...) and Libssl is missing, the Error Message should be like: libssl.. is missing ...
Ty, just to give more information:
On the Server Side the Client Connection works in both modes.
Only Clients connecting over the Network get the timeout error.
OpenSSL is disabled, I'll try it using OpenSSL.
Hi, I just switched from WinHttp to the Socket client and get error 10060.
Log Output:
InternalUri GET
...
ESChannel {recv : Socket Error 10060}
ENetSocket {THttpClientSocket.DoTlsAfter: TLS failed ..
after a timeout of 30s.
With WinHttp the connection can be established.
We connect to a server with valid certificate.
I need a clue how to find the reason for the error - any thoughts?
Hi, thank you very much tomas, actually we have modified the mustache Template and can use it with m2. I'll report some things when we are finished.
Hi ttomas, thanks for the code. I directly tested it and have some results!
1. The nested records are fine now
but there are the following problems now:
1. the definition of all the dynamic array types is behind (under) the use of them in the previously defined records. (Maybe depending on the wrapper)
2. in the variant2 and 2variant function there is something wrong added
It would be easier to understand if I provide some graphics:
Link with pictures
I tested today with the latest release - same Error - the Syncrossplatform Client can not be created with m2.
ty, I tried my best but was a little confused converting from C to Delphi. But now it works and the certificate is found.
Now after getting the Handle the next error comes in AfterAccept:
Erste Gelegenheit für Exception bei $76CCDD80. Exception-Klasse ESChannel mit Meldung '<>: AcquireCredentialsHandleW returned 8009030E [2148074254], System Error 1312 [Eine angegebene Anmeldesitzung ist nicht vorhanden. Sie wurde gegebenenfalls bereits beendet]'.
Something about missing Credentials.
Yes, the certificate is in HKLM/Software/Microsoft/SystemCertificates/MY/Certificates
But CertOpenStore returns nil ...
Maybe something is wrong with the Parameters:
  CERT_STORE_PROV_SYSTEM = 10;
  CERT_STORE_MAXIMUM_ALLOWED_FLAG = $00001000;
  CERT_SYSTEM_STORE_CURRENT_USER = $00010000;
  CERT_SYSTEM_STORE_LOCAL_MACHINE = $00020000;
  var LProvider : AnsiChar := #10; // CERT_STORE_PROV_SYSTEM or CERT_STORE_MAXIMUM_ALLOWED_FLAG
  var LMy := 'MY';
  fAcceptCertStore := mormot.lib.sspi.CertOpenStore(@LProvider, 0, nil, CERT_SYSTEM_STORE_LOCAL_MACHINE, @LMy);
Tried also with Admin rights / Ask for User, also does not work.
ty ab-
I'm a few steps further, moving my Certificate to the MY private storage and looking for the ThumbPrint now works:
  LsThumbPrint := '12097c0d0db94e85b83b415bc8b6aa324dcd9dc1';
  flags := Length(LsThumbPrint) div 2;
  SetLength(certblob, flags);
  HexToBinFast(PAnsiChar(LsThumbPrint), PByte(certblob), flags);
  blob.cbData := flags;
  blob.pbData := pointer(certblob);
  // $10000 = CERT_FIND_HASH: look the certificate up by its SHA-1 thumbprint
  fAcceptCert := mormot.lib.sspi.CertFindCertificateInStore(fAcceptCertStore, X509_ASN_ENCODING or PKCS_7_ASN_ENCODING, 0, $10000, @blob, nil);
  if fAcceptCert = nil then
    raise ESChannel.Create('AfterBind: no Certificate available');
But if I use my request to the local machine (see above) and then look for the thumbprint, it does not work - maybe something is wrong with selecting the right storage.
You need to use the TNetTlsContext fields.
My guess is that you need client TLS authentication using a certificate with a private key stored within the local windows storage? But it depends on the TLS engine used.
For OpenSSL you can specify CertificateFile or other fields if needed.
For SSPI (default on Windows), you can't specify a client certificate (yet). You can try to modify TSChannelNetTls in mormot.net.sock.windows.inc to add the ability to specify a client Certificate in TNetTlsContext.
Either as a file name or a file fingerprint using CertFindCertificateInStore(CERT_FIND_HASH).
If you need it for SSPI, I could try to implement it, and you may validate/test it.
Hi Arnaud, my certificate is stored in the local Machine storage, so I tried to add it to SChannel AfterBind, but get an error on start that I can not explain:
  procedure TSChannelNetTls.AfterBind(var Context: TNetTlsContext);
  var
    certblob: RawByteString;
    blob: TCryptDataBlob;
    pass: SynUnicode;
    flags: integer;
  begin
    if Context.CertificateFile = '' then
    begin
      // Load certificate and private key from Windows certificate store
      // fAcceptCertStore := CertOpenSystemStoreW(nil, 'MY')
      var LProvider : WideChar := WideChar(CERT_STORE_PROV_SYSTEM);
      var LMy := 'MY';
      fAcceptCertStore := mormot.lib.sspi.CertOpenStoreW(@LProvider, 0, nil, CERT_SYSTEM_STORE_LOCAL_MACHINE, @LMy);
    end
    else
    begin
      certblob := StringFromFile(TFileName(Context.CertificateFile));
At program start a message pops up: CertOpenStoreW not found in dll (my exe name). In the source it is declared as external in crypt32.dll.
Any idea?
Just for your information, yesterday I got corrupted packets at size 1.6MB with 7177.
I checked it with the latest version 7184 and it worked!
You can use certmgr.msc to import the .p7b file and then export it as .pfx.
I tried it, but the file does not include the private key - Export is greyed out for this.
Hi, I have the p7b File of the Certificate, can I use this?
Hi Arnaud,
I'm using WEBSOCKET_DEFAULT_MODE in some of my new services.
Before I used useHttpApiRegisteringURI.
Now I have to switch some services also using https from http to Socket mode. There was a Certificate attached to the service by fingerprint from the Windows certificate storage.
I read your Blog with detailed information on how to set up the tls:
https://blog.synopse.info/?post/2022/07 … WebSockets
Is it possible to use the Certificate from the Windows Storage as TLS Parameter?
Or is there a way to export it to give tls the cert files?
But one question, I set HTTPSERVER_DEBUG_OPTIONS in TRestHttpServer.Create(...
But fDebugLog in mormot.net.async - procedure TPollAsyncSockets.ProcessWrite(const notif: TPollSocketResult; sent: integer); is nil and no Debug is written,
where should I set rsoLogVerbose?
Hi Arnaud, I can confirm that it works now as expected. Thank you!
Question, I saw lots of DoLog lines in the Socket Code, how can I activate it? Maybe I can find the Error on the server.
I switched the Server to useHttpApiRegisteringURI and the Request works as before. So definitely a server problem with WEBSOCKETS_DEFAULT_MODE.
I think the Problem is on the Server Side,
I digged a little deeper.
I switched the client to the Socket Client and put FileFromString in mormot.net.http GetBody line 4266:
  if Http.CompressContentEncoding >= 0 then
    Http.UncompressData;
  if Assigned(OnLog) then
    OnLog(sllTrace, 'GetBody len=%', [Http.ContentLength], self);
  FileFromString(http.Content, 't:\sockresp.txt');
  if SockIn <> nil then
The received data is corrupted. In a former test I used the WinHttp Client.
I wrote resp to a File (Line 724 mormot.soa.client) and it has the same value as in the log I described further; the Log is correct.
  begin
    FileFromString(resp, 't:\resp.txt', true);
    if (JsonDecode(pointer(resp), ['result', // 0
                                  'id'      // 1
I use WEBSOCKETS_DEFAULT_MODE.
Hi Arnaud, I debugged the code and compared V 2.2.6792 with 2.2.7166.
With 7166 the parser said "Error in File", so I compared the Log Outputs from 6792 and 7166, both Server Side and Client Side.
6792 works as expected. But in the 7166 Client Log the JSON Buffer was corrupted after Byte 524288, is there a Buffer too small? My Data has in all cases 692979 Bytes!
The Client got 692979 Bytes, but after Byte 524288 there was a copy starting at byte 262144.
There seems to be a buffer Problem in the 7166 client.