Olaf's thoughts about Delphi, IntraWeb and other dev stuff - Latest Comments in Hardening IntraWeb 9.0 with SSL Version 3

Re: Hardening IntraWeb 9.0 with SSL Version 3

Eugene — Mon, 07 Dec 2009 02:45:16 -0000

I understood.
You know i use different types of images: images in my template, images in TIWImage and i use AdvancedImageButtons (by TMS Software).
Buttons by tms, has for different states and each state has own image. Sometimes these buttons working slowly.
Olaf, thank you for your answers. It's very important information.
I have only one question to you:
In ServiceController i can set perameter : SessionTimeout. I did not change it and save it by default ( 10 min).
When application works under Standalone server all cached files are removed when session terminated( by timeout).
But when project work under IIS , cache files are removed only when i use Terminate() , but if not (close web browser for example),
cached files are not delete from folder.
After , for example, one day of use service i can see many different folders with files in temporary cache folder. As result i have to
control this folder and delete files manually every day otherwise free space well end and server will down.
I saw in IIS configuration and it have timeout perameter only for ASP project.
Can you explain - where is my mistake ?

Best Regards,
Eugene

Re: Hardening IntraWeb 9.0 with SSL Version 3

Olaf Monien — Fri, 04 Dec 2009 11:29:47 -0000

Images will ALWAYS be re-requested by the browser IF IN SSL mode. This is a security feature and not related to IntraWeb.

If you see image files in the cache folder, then you are probably using TIWImage. These are "dynamic" images, wich are kept in memory on the server side. Every page render will create a new cache file, which is used to present the actual image to the browser.

If you actually have static images, then use TIWImageFile instead. That will put much less pressure on your server.

--
Grüße / Regards,
Olaf Monien
---------------------------
EDV-Beratung Monien
Embarcadero Technology Partner

olaf@monien.net
www.monien.net/blog
www.DelphiExperts.net
---------------------------

Re: Hardening IntraWeb 9.0 with SSL Version 3

Eugene — Fri, 04 Dec 2009 10:02:40 -0000

anyway, it's working. I think that using SSL from first page - it's not a problem. ;-)
You know, i saw to my cache directore and i was surprised : becase i found many *.tmp files in it.
These files are pictures. May be it's sounds strange but intraweb caches same files under different names !
For example, in session temp folder i have three files: JPG1E7D.tmp, JPG1E80.tmp, JPG1E82.tmp, JPG1E84.tmp.
These files are same, but have defferent name. As i undestood, Intraweb create file when page reloading.
But the very bad thing, that, as i understand, intraweb does not give old files from cache and rename it, intraweb download
this file from server again ! Traffic grows , speed low and as result intraweb application works slowly. ( particularly in SSL mode).
Does it true ? How does cache algorithm works ?
Sorry that i ask a lot of questions, but i can't find answers for these questions in documentation.

Thanks a lot for your help.

Best Regards,
Eugene

Re: Hardening IntraWeb 9.0 with SSL Version 3

Olaf Monien — Thu, 03 Dec 2009 10:33:10 -0000

Honestly, I have no idea what might happen there.

--
Grüße / Regards,
Olaf Monien
---------------------------
EDV-Beratung Monien
Embarcadero Technology Partner

olaf@monien.net
www.monien.net/blog
www.DelphiExperts.net
---------------------------

Re: Hardening IntraWeb 9.0 with SSL Version 3

Eugene — Wed, 02 Dec 2009 10:16:02 -0000

if i use https immediately (https://mydomain.com/myisap... all is ok ( for simple application - no timeout, for my project - 15 sec)

does it mean that i have to use https from first page ? Do you know why does it happen when i use non-secure mode first ?

Re: Hardening IntraWeb 9.0 with SSL Version 3

Olaf Monien — Wed, 02 Dec 2009 08:24:28 -0000

What happens if you start in SSL mode directly?

https://yourdomain.com/your...

instead of:
http://yourdomain.com/youri...

--
Grüße / Regards,
Olaf Monien
---------------------------
EDV-Beratung Monien
CodeGear Technology Partner

olaf@monien.net
www.monien.net/blog
www.DelphiExperts.net
---------------------------

Re: Hardening IntraWeb 9.0 with SSL Version 3

Eugene — Wed, 02 Dec 2009 08:22:24 -0000

May be you right, but not in my case, i think. i have to explain:
- run my project ISAPI dll and press ok button -> wait for 2 min 8 sec -> app switchs to secure mode.
- crete simple project with one button and two forms, compile to ISAPI dll, run and press button -> wait for 2 min 8 sec -> app switchs to secure mode.

When i do not use SSL this timeout ( 2 min 8 sec) is absent at all.
What it can be ? May be i have to turn off ( or turn on) something on web server (IIS) ?

Best Regards,
Eugene

Re: Hardening IntraWeb 9.0 with SSL Version 3

Olaf Monien — Wed, 02 Dec 2009 05:30:57 -0000

If you have many images, then SSL will be "expensive". Images will be encrypted as well, and they won't be cachable.

--
Grüße / Regards,
Olaf Monien
---------------------------
EDV-Beratung Monien
CodeGear Technology Partner

olaf@monien.net
www.monien.net/blog
www.DelphiExperts.net
---------------------------

Re: Hardening IntraWeb 9.0 with SSL Version 3

Eugene — Wed, 02 Dec 2009 05:28:28 -0000

Olaf, thanks a lot. Your hepl is always very useful.

My project is working now. Important thing - if i use IIS i have to add certificate ( that i use when i creating key.pem, root.pem, cert.pem) to my web site.
I use certificate created by myself ( with makecert from Microsoft). Of course, in this case web browser shows alert messages that my certificate was not created
in certification center. But it's only for now, when i am testing SSL in Intraweb.
And one more . Now, when my ISAPI dll use SSL , switching to secure mode takes very long time (about 1.5 - 2 minutes). Why did it happen ?
May be it happen because i use not valid certificate (created by me) ? server trying to verify it and it takes a lot of time ?

Best Regards,
Eugene

Re: Hardening IntraWeb 9.0 with SSL Version 3

Olaf Monien — Tue, 01 Dec 2009 02:09:29 -0000

SSL with IIS means, that IIS will be responsible for SSL handling. sll dlls and ports are not used by IW under IIS - SSL.
Make sure, that your IIS has the SSL certificate setup correctly and that it would display a simple static HTMl page correctly with https://....

Regards / Grüße,
Olaf Monien
------------------------------------------
EDV-Beratung Monien

Embarcadero Technology Partner
Delphi Experts Chairman
www.delphiexperts.net
www.monien.net

Am 30.11.2009 um 15:24 schrieb Disqus:

Re: Hardening IntraWeb 9.0 with SSL Version 3

Eugene — Mon, 30 Nov 2009 09:24:31 -0000

Thanks a lot. But you know , it's really strange, because my port was 443 ( standard port for SSL protocol), but in error message - 10048.

However, now i have another trouble - i can not run my project in secure mode on IIS Web server.
My web application working properly in StandAlone mode ( for this mode i put libeay32.dll and ssleay32.dll in same folder, also i put cert.pem, key.pem,
root.pem from Intraweb 10 demo project).
But StandAlone only for test, my web application have to work as ISAPI dll on our server.
I put ISAPI dll in web site folder and put another files with it ( libeay32.dll, ssleay32.dll,cert.pem, key.pem,root.pem).
Then i type on remote computer address to my dll. First page opens, but in click event i use code:
WebApplication.SwitchToSecure;
When this line executing my Intraweb application hungs... I cand see my page with busy indicator .

Can you help me ? It's one of the important requirement - use security mode( transfer data through protected channel), but it doesn't work now under IIS ...

Best Regards,
Eugene

Re: Hardening IntraWeb 9.0 with SSL Version 3

Olaf Monien — Fri, 27 Nov 2009 04:15:33 -0000

Go to ServerController and set the port to some other value.

--
Grüße / Regards,
Olaf Monien
---------------------------
EDV-Beratung Monien
CodeGear Technology Partner

olaf@monien.net
www.monien.net/blog
www.DelphiExperts.net
---------------------------

Re: Hardening IntraWeb 9.0 with SSL Version 3

Eugene — Fri, 27 Nov 2009 04:08:11 -0000

Do you know why i have error like " ...port 10048 is already in use ..." ? I open demo project from Intraweb demos ...