| Subject: | Re: Sessions
| | Date: | Tue, 26 Sep 2023 17:17:14 +1000
| | From: | Tom Krieg <tomkIGNORE@CAPSsdassociates.com.au>
| | Newsgroups: | pnews.paradox-programming
|
I solved the problem of insecure Paradox tables and useless passwords by
having the tables on a secure server to which users had no access. The
Corel web server OCX ran on this server and listened for requests. It
would pass these requests to a Paradox library and the library would
handle them all, including receiving tables (e.g a tableframe) and
returning a table (e.g a query).
The Paradox client would send a request for data or to do something, the
server would send a resultstring, OK for an update, insert or delete or
a csv string to be turned into a result table.
Users would log in (send it to the server) the server would validate the
user.
User name, password and all rights to the application would be
encrypted. This included which forms a user could open.
No one ever had access to the tables except the server. Users could open
local forms or scripts but without valid sever credentials, the form etc
would not open.
This scenario required
- Tony McGuire's HTTP control, used by Paradox to send HTTP requests and
manage HTTP responses
- The Corel Web Server OCX, to handle HTTP requests and return HTTP
responses
- Tony McGuire's encryption control, to encrypt user credentials
- Some out-of-the-box thinking
Unless you can find these controls and work out how to use them, give up.
I developed a Paradox application for a real estate company in Vermont
back in 2002 where the agents were on the road and the server was at
headquarters. Worked well.
I initially developed the above Paradox application for an Australian
autoparts importer and wholesaler with 3 branches thousands of miles
apart. 256Mbit DSL line and all 3 branches used the one database. No
security or password issues.
Of course, when I converted everything to PotgreSQL running on a server,
this became obsolete. It was also easy to do because all I had to do was
replace the Paradox table libraries with PostgreSQL libraries. In fact,
I ran a hybrid system for 6 months, replacing libraries one at a time
without users even being aware (except whenever a new library came on
stream, the response time would improve).
The next version of Windows 11 (23H2) will kill Paradox, from what I've
read so I wouldn't waste my time. Windows10 has just over a year to live
unless you want to run it in a cave without users.
On 22/09/2023 6:17 am, Peter wrote:
> Whenever adding passwords I have always used
> var sesĀ session endvar
> ses.open()
> ses.addPassword()
>
> I got that from some help example and now I am wondering why a session
> needs to be opened.
>
> More thinking
> I open a form and add necessary passwords to access tables
>
> I run a method and add password(s), then when the method finishes I
> remove all passwords.
>
> If I remover all passwords now the form is affected; true?
>
> It would seem to me that if running a separate method requires its own
> passwords then that is when I should add a session so I do not affect
> other passwords already established.
>
> Do I have this right?
|
