Friday, 9 October 2020

TWebModule could be a lot better

I've been using TWebModule on a project this year and even though it does what I want it to it is a bit rubbish when there are a lot of actions. It would be nice for it to do the following:

  • Remember the position of the actions form, I always have to move it to select the object inspector.
  • With over one hundred actions in there is would be useful to have a search option, filters (maybe for 'get' and 'post' methods) and sort options in the header. This would make it a lot easier to locate the action in the list.
  • Right click option, or double click to go to the 'OnAction' code.
Not sure if many other Delphi developers use TWebModule or if there is a better alternative. 

Insert Only Database - Pros and Cons

Explanation

In a traditional database updates and deletes are allowed, this destroys data which can sometimes be considered undesirable. In an ‘Insert’ only database or ‘Point in Time’ database only inserts can be performed.


Additional Fields Required


DateCreated – Date and time the record was created.

DateEffective – Date and time the record becomes effective, this can be different than DateCreated for numerous reasons.

DateEnd – Date and time the record is ceased to be effective.

DateReplaced – Date and time the record was replaced by another.

OperatorID or SessionID – User related to the creation of the record.


The date and time fields may also require a UTC offset field. Therefore a total of 9 fields are required.


How are updates done?


This is more complex than a typical update.

  1. Locate the existing record.
  2. Flag it as ‘ended’ and ‘replaced’ with the current date time or the time the update will be applied.
  3. Insert a new record and copy some of the existing field values and the new field values.

Pros and Cons


Pros:

  • Rollback to a point in time is possible.
  • Triggers are not required.
  • All changes are logged, it is not possible for a field to be added that is not included in the audit.
  • Less Locks.
  • Make data changes that do not ‘Go Live’ until a specified date and time.


Cons:

  • Table size is significantly larger if a lot of record changes are required. Additional 9 fields required for every table.
  • Need views on all tables.
  • If replication is a requirement all audit database is also replicated on replication servers.
  • No option to exclude fields from the audit.
  • Making a change (typically an update) is more complex. 
  • Foreign key and relationships can be more complex.

Wednesday, 23 September 2020

How users should report software errors and bugs

Recently I have come across not just users and testers being vague on bugs, but also fellow developers giving minimum information on issues. Below is an article I wrote a few years.

Tuesday, 21 January 2020

Password Hashing

Delphi is great for all kinds of software development from Windows based applications to web sites and mobile apps, but one area that it seems to be weak is with hashing of passwords. I cannot find any components built in or 3rd party that really do what was easy to do with Visual Studio (C#), here is what I would like to do:

  1. Find a modern hashing algorithm PKBDF2 or Argon2. 
  2. Must allow hash to be salted and the salt to be different every-time.
  3. Allow for the number of iterations to be specified.
  4. Previously I have also store a version number with the hash, this would also be a useful option.
  5. Validation should not require the original salt. Some solutions (one well known 3rd party company) says that you store the hash of the password and the salt in the database. 
  6. Works with existing Javascript hashing solutions e.g. CryptoJS, I imagine once the same parameters are applied it should work so that the hash can be created in Javascript and the validation can be done by Delphi.
Does anyone no of any 3rd party components that do password hashing well?