Looking for programmer for Web and SMS

[Mitchell Shiller via 4D_Tech]

Hi,

I am looking to hire a 4D programmer or 2 separate programmers to help with 
following.

I have an Electronic Medical Record (written in 4D (Currently v18. Soon v19). I 
would like to accomplish the following 2 tasks:

Create a web portal to allow patients to book appointments online. The 
appointment scheduler is fully written and functional. I need someone with 4D 
Web experience and some HTML experience to allow my application to serve pages 
based on stored data, collect the appointment information and enter it in the 
database.

To send SMS / Text messages (preferably Twilio) to remind a patient of their 
appointment and receive back a text that confirms or cancels the appointment.

I suspect neither of these are very complicated. But would prefer to outsource 
to someone who has experience in these fields.

I will provide all of the hooks / integration to my program. I will provide the 
flow logic. I can help to tweak the HTML if necessary.

If you are interested, please contact me at mshil...@sympatico.ca

Thanks



Mitch’s 


Sent from my iPhone
**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Service "items" Declaration

[Keisuke Miyako via 4D_Tech]

if your data type is not a simple array or scalar variable
you might have to use

Is DOM reference

or

Is XML

https://doc.4d.com/4Dv18/4D/18.4/SOAP-DECLARATION.301-5232871.en.html


after all, SOAP DECLARATION converts classic 4D commands such as C_TEXT or 
ARRAY TEXT to WSDL.

anything you can't define as a parameter or return value in 4D can't be 
converted automatically to a web service,

that said, you can already create your own web service REST/SOAP API without 
using any of the SOAP commands.

the SOAP feature was created when 4D didn't really have XML commands.

’m not finding any clues
in the documentation.

**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Web Service "items" Declaration

[Eric via 4D_Tech]

I have been consuming Web Services from SAP for a very long time, but
now I am faced with publishing my 1st WS to be called from SAP.  It
will be a header/items structure.  The header values are simple:

SOAP DECLARATION($1;Is longint;SOAP input;"soldToID")  //SoldToParty
SOAP DECLARATION($2;Is longint;SOAP input;"shipToID")  //ShipToParty

My question is how to declare the following items structure in 4D
v18r4 so it shows up properly in the WSDL?  I’m not finding any clues
in the documentation.


10
50
5033437
45.52
CHAIR-9018-BLU51-CHRM
M-9018

**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

4D v19 Start Web server on port 80 on MacOS

[Andrea via 4D_Tech]

Hi,

Does anybody use 4D v19 Web server on port 80 with a specific IP and not the 
any option?

If I set any option on the IP address for Web server the server start on port 
80, but if I try to set any of the IP in list on the popup the server can’t be 
published.

I need to start the Web Server for a specific Address and not for any. Do you 
have any suggestions?

I tried to uninstall HelperTool and install it again, but nothing changed.

Thanks in advance

Andrea




Alfanet srl   and...@alfanet.it
viale Europa, 62 http://www.alfanet.it/
00144 Rome - Italy
P. IVA/C.F. 04961631001
tel.  +39 06 5924665
fax  +39 06 5923352

**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Password Management System for Web Access

[Spencer Hinsdale via 4D_Tech]

look to see if you accidentally have the database method that overrides this. 
you can tell by by clicking in exlorer whether it is nonexistant (good) or 
blank (problemaic). hope this makes sesnse

> On Jan 23, 2021, at 8:23 AM, Philippe Willems via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> However, when I try this with my existing database structure which has been
> in use for years and years, unable to get this feature to work.
**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Password Management System for Web Access

[Philippe Willems via 4D_Tech]

Hi All,

I am using a database converted from v6.8 then to v11 and now running v18.3.

I never used the web server before, and now I am trying to use the
documented Password Management System for Web Access.

The 4D doc states "When a user connects to the server, a dialog box appears
on their browser in order for them to enter their user name and password."

This should be the case in both "*Passwords with BASIC protocol*" and
"*Passwords
with DIGEST protocol*".

When I try this on a "fresh" database created with 4D v18.3 things work as
expected.
However, when I try this with my existing database structure which has been
in use for years and years, unable to get this feature to work.

What could it be I am doing wrong ?

All help is welcome.

Regards,

Philippe Willems
**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Area and Web Server in the same application

[Andrea via 4D_Tech]

Julio,

I’m using 4D server and 4D client or 4D standalone as web server and client.
WebArea Work fine when I use 4D Server that running the Web Server connect to a 
4D client with WebArea, but if I try to use the WebArea on a 4D standalone as a 
Web server and client doesn't work.

Thanks

Andrea

> Il giorno 05 nov 2020, alle ore 01:21, Julio Carneiro  ha 
> scritto:
> 
> Andrea,
> 
> I’ve used Webarea running under 4D Client all the way back in 4D V12! I do 
> not recall getting into any trouble there. But in my case the web pages were 
> mostly Flex/Flash applications.
> 
> Are you running 4D Server as your web server? or are you running 4D 
> standalone as web server and client UI?
> 
> julio
> 
>> On Nov 2, 2020, at 11:57, Andrea via 4D_Tech <4d_tech@lists.4d.com> wrote:
>> 
>> I would like to use the WebArea to manage some user UIs using web pages 
>> already used by 4D's Web Server, but I bumped into a few problems when I 
>> want to use the same exact 4D application for both the WebArea and the Web 
>> Server.
>> 
>> The problem is caused by Javascript, of which the web page contains several 
>> functions and frameworks. Everything seems to work fine if I wall this 
>> webpage from different applications (e.g. on a bowser on the same machine 
>> where the 4D server runs). The same goes if I use the WebArea from the same 
>> computer but from a different 4D instance than the one where the server is 
>> running. The problem occurs when I try to use the same application for both 
>> the WebArea and the web server so that I can manage to use an already made 
>> UI and not build a new interface using 4D forms from ground zero.
>> 
>> From the WebArea inspector I noticed there are a few timeout errors while 
>> loading some data. However even if we manage to not have any timeout errors 
>> and call some javascript functions, it looks like they don't exist.
>> 
>> Did someone already encounter any similar problems? Could it be maybe a 
>> problem regarding the memory management withing the application? Is it a 
>> problem that could be due to macOS's environment?
>> 
>> I'm using 4D v18 but this problem recurs from v15.
>> 
>> 
>> Thanks in advance
>> 
>> Andrea
>> 
>> 
>> 
>> 
>> Alfanet srl   and...@alfanet.it
>> viale Europa, 62 http://www.alfanet.it/
>> 00144 Rome - Italy
>> P. IVA/C.F. 04961631001
>> tel.  +39 06 5924665
>> fax  +39 06 5923352
>> 
>> **
>> 4D Internet Users Group (4D iNUG)
>> New Forum: https://discuss.4D.com
>> Archive:  http://lists.4d.com/archives.html
>> Options: https://lists.4d.com/mailman/options/4d_tech
>> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
>> **
> 
> --
> Julio Carneiro
> 
> 
> 

**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

4D Web Area and Web Server in the same application

[Andrea via 4D_Tech]

I would like to use the WebArea to manage some user UIs using web pages already 
used by 4D's Web Server, but I bumped into a few problems when I want to use 
the same exact 4D application for both the WebArea and the Web Server.

The problem is caused by Javascript, of which the web page contains several 
functions and frameworks. Everything seems to work fine if I wall this webpage 
from different applications (e.g. on a bowser on the same machine where the 4D 
server runs). The same goes if I use the WebArea from the same computer but 
from a different 4D instance than the one where the server is running. The 
problem occurs when I try to use the same application for both the WebArea and 
the web server so that I can manage to use an already made UI and not build a 
new interface using 4D forms from ground zero.

From the WebArea inspector I noticed there are a few timeout errors while 
loading some data. However even if we manage to not have any timeout errors and 
call some javascript functions, it looks like they don't exist.

Did someone already encounter any similar problems? Could it be maybe a problem 
regarding the memory management withing the application? Is it a problem that 
could be due to macOS's environment?

I'm using 4D v18 but this problem recurs from v15.


Thanks in advance

Andrea




Alfanet srl   and...@alfanet.it
viale Europa, 62 http://www.alfanet.it/
00144 Rome - Italy
P. IVA/C.F. 04961631001
tel.  +39 06 5924665
fax  +39 06 5923352

**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Active4D & Java Web Tokens

[Keisuke Miyako via 4D_Tech]

There is a native class for that

https://developer.4d.com/docs/en/API/cryptoClass.html

P.S.

you are kindly invited to visit the new forums:

https://discuss.4d.com

2020/08/27 6:03、Doug Hall via 4D_Tech 
<4d_tech@lists.4d.com>のメール:
Thanks for any help you can provide.

**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Active4D & Java Web Tokens

[Doug Hall via 4D_Tech]

Anyone out there validating Java Web Tokens (JWT's) with an Active4D
website? I''d like for a third party identity solution (Auth0) to feed into
my website, but I see no way to validate the JWTs directly on the server
side. That could be a problem.

Thanks for any help you can provide.

Doug
**
4D Internet Users Group (4D iNUG)
New Forum: https://discuss.4D.com
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Decode Kerberos ticket for web authentification

[Epperlein, Lutz (agendo) via 4D_Tech]

Hi,

Are there ways to decode a Kerberos ticket using 4D?

Background: We have to implement a SSO login mechanism for web users using 
Kerberos authentication.
The authorization within a web server (IIS) in front of the 4D server works so 
far. We get a http request containing a header line “Authorization: Negotiate 
…”.
After the Negotiate keyword the Kerberos ticket is following. 
The question is now, how to decode this ticket to get information about the 
logged in user, e.g. the username or groups the user belongs to.

Or is this a complete wrong approach? Should we use an extension of the IIS 
instead, which provides the wanted information in http header lines too?
The question is then, which extension?

This is with 4D Server v17.4 on Windows Server 2012 or 2016.

Regards
Lutz

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D v13 web service error: -9926

[Tom Benedict via 4D_Tech]

If the XML is not being validated against a schema (XSD), and if you aren’t in 
control of the source, the XML may be, as Lutz suggested, missing elements or 
had an element renamed or be otherwise malformed.

Tom Benedict

> On Apr 2, 2020, at 11:45, Robert ListMail via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Hi Lutz,
> 
> At the moment, I don’t have access to the source code for this project but it 
> was running for years without a problem. I’ll dig deeper, thanks for your 
> input.
> 
> Robert
> 
>> On Apr 2, 2020, at 1:55 AM, Epperlein, Lutz (agendo) via 4D_Tech 
>> <4d_tech@lists.4d.com> wrote:
>> 
>> It may related to the XML content of your SOAP request or of response. Did 
>> you check that? Maybe you want to access some not existing elements.
>> 9926 means 
>> -9926The referenced element is invalid.
>> 
>> So it could be something wrong with your parsing code. But I'm guessing ...

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D v13 web service error: -9926

[Robert ListMail via 4D_Tech]

Hi Lutz,

At the moment, I don’t have access to the source code for this project but it 
was running for years without a problem. I’ll dig deeper, thanks for your input.

Robert

> On Apr 2, 2020, at 1:55 AM, Epperlein, Lutz (agendo) via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> It may related to the XML content of your SOAP request or of response. Did 
> you check that? Maybe you want to access some not existing elements.
> 9926 means 
> -9926 The referenced element is invalid.
> 
> So it could be something wrong with your parsing code. But I'm guessing ...

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

AW: 4D v13 web service error: -9926

[Epperlein, Lutz (agendo) via 4D_Tech]

It may related to the XML content of your SOAP request or of response. Did you 
check that? Maybe you want to access some not existing elements.
9926 means 
-9926   The referenced element is invalid.
https://doc.4d.com/4Dv17/4D/17.4/Database-Engine-Errors-10602-4004.300-4882076.en.html

So it could be something wrong with your parsing code. But I'm guessing ...

HTH

Regards
Lutz Epperlein

-Ursprüngliche Nachricht-
Betreff: Re: 4D v13 web service error: -9926

Where oh where are your -9926 thoughts?

R

> On Apr 1, 2020, at 2:02 PM, Robert ListMail via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> With a somewhat older Mac-based, v13.6-based, 4D application running with 
> legacy Web Application Server license that has been running unaltered for 
> several months any idea why I might be getting a -9926 web service error? I’m 
> noticing some orders are not transmitting (SOAP calls)…don’t see any reason 
> why. When I check them out, its usually the next day now and the only thing I 
> see is that the request date is the day before the transmit date…so I adjust 
> it to the current date and then they go through…but they were current when 
> sent to the queue. Thoughts?

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D v13 web service error: -9926

[Robert ListMail via 4D_Tech]

Where oh where are your -9926 thoughts?

R

> On Apr 1, 2020, at 2:02 PM, Robert ListMail via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> With a somewhat older Mac-based, v13.6-based, 4D application running with 
> legacy Web Application Server license that has been running unaltered for 
> several months any idea why I might be getting a -9926 web service error? I’m 
> noticing some orders are not transmitting (SOAP calls)…don’t see any reason 
> why. When I check them out, its usually the next day now and the only thing I 
> see is that the request date is the day before the transmit date…so I adjust 
> it to the current date and then they go through…but they were current when 
> sent to the queue. Thoughts?

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

4D v13 web service error: -9926

[Robert ListMail via 4D_Tech]

With a somewhat older Mac-based, v13.6-based, 4D application running with 
legacy Web Application Server license that has been running unaltered for 
several months any idea why I might be getting a -9926 web service error? I’m 
noticing some orders are not transmitting (SOAP calls)…don’t see any reason 
why. When I check them out, its usually the next day now and the only thing I 
see is that the request date is the day before the transmit date…so I adjust it 
to the current date and then they go through…but they were current when sent to 
the queue. Thoughts?

Thanks,

Robert
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Services - Receiving Complex Type

[Jason Hect via 4D_Tech]

Would you mind emailing me privately about how you're connecting with SAP?  I'm 
having major issues and have questions...

jason.h...@novolex.com

Thank You!
Jason


I make and consume WS calls all day between 4D and SAP ECC/SAP CRM.  My
ABAP guy continually reminds me that SAP does not like complex data types;
although he claims Text arrays are acceptable.  I have not not been able to
get Text arrays to work.

On the send side, I send well formed XML with multiple headers and 100's of
records without issue.  It takes a little work and a good ABAP programmer
but it is rock solid once you get it going.

The XML Structure is a little funky when consuming from SAP; depending on
the data complexity.  I now convert everything from XML to JSON. Here is a
great Tech Note if you are interested:  https://kb.4d.com/assetid=77416

On Tue, Feb 18, 2020 at 5:00 PM Jason Hect via 4D_Tech
<4d_tech@lists.4d.com>
wrote:

>
> Hi David,
>
> Thanks for the response.  Yeah, this is basically what I am proposing we
> do. I'll define a blob parameter (and now I see 4D can define XML or DOM
> SOAP parameters too!), which they pass everything too.  I take the
> contents
> of that single parameter and parse it out.
>
> What the SAP team is telling me is I should be able to define a "record"
> (for lack of better term), which might have numerous parameters.  These
> can
> be int/real/string/boolean/array/etc.  That would all be for a single
> record entry.  But if SAP has 10 "records" to send, they don't want to
> call
> the web service 10 times, but rather call the web service once, with all
> 10
> records in that single call.
>
> Normally 4D makes it so easy to create and consume web services, but this
> is beyond my knowledge of SOAP and Web Services.  I'm 99% sure 4D can't do
> this, but was hoping for a definitive answer so I can let the SAP team
> know
> and move onward with other solutions.
>
> Hope that makes sense and grateful for any other insight you might have.
>
> Thank You!
> Jason
>
> -Original Message-
> From: "David Ringsmuth" 
> Sent: Tuesday, February 18, 2020 10:38am
> To: "4D iNug Technical" <4d_tech@lists.4d.com>
> Cc: "JasonH" 
> Subject: RE: Web Services - Receiving Complex Type
>
>
>
>
> Jason,
>
> I use 4D’s SOAP Webservice to receive hierarchical packets of records
> defined in XML.
>
> I’m not clear on your question, so please forgive me if I fail to answer
> it:
>
> C_TEXT(tMonitorPswd;tMonitorEmail;tCurrentMachine;tCurrentMachineOwner)
> C_TEXT($tMonitorPswd;$tMonitorEmail;$tCurrentMachine;$tCurrentMachineOwner)
> C_LONGINT(ws_errorCode)
> C_TEXT(ws_errorText)
> C_LONGINT($ws_errorCode)
> C_TEXT($ws_errorText)
> ws_errorCode:=0  // 0=No Error
> ws_errorText:=""
>
> C_BLOB(xBlob;xResult;$xBlob;$xResult)
> ARRAY TEXT(atProviderIDs;0)
>
> SOAP_Err_Handle_Install (1)
> ws_Debug
>
>   //compiler_web
>
> SOAP DECLARATION(tMonitorEmail;Is text;SOAP input;"MonitorEmail")
> SOAP DECLARATION(tMonitorPswd;Is text;SOAP input;"MonitorPswd")
> SOAP DECLARATION(tCurrentMachine;Is text;SOAP input;"CurrentMachine")
> SOAP DECLARATION(tCurrentMachineOwner;Is text;SOAP
> input;"CurrentMachineOwner")
>
> SOAP DECLARATION(xBlob;Is BLOB;SOAP input;"xBlob")
>
> SOAP DECLARATION(fAuthentic;Is boolean;SOAP output;"Authentic")
> SOAP DECLARATION(ws_errorCode;Is longint;SOAP output;"ws_ErrorCode")
> SOAP DECLARATION(ws_errorText;Is text;SOAP output;"ws_ErrorText")
> SOAP DECLARATION(xResult;Is BLOB;SOAP output;"xResult")
> SOAP DECLARATION(nCnt;Is longint;SOAP output;"nCnt")
> fAuthentic:=Monitor_Authenticate_Local
> (tMonitorEmail;tMonitorPswd;tCurrentMachine;tCurrentMachineOwner;Current
> method name)
> $fAuthentic:=fAuthentic
>
>
> ws_Declare_Cnts ("Init")
> SOAP DECLARATION(nProviderCnt;Is longint;SOAP output;"nProviderCnt")
> SOAP DECLARATION(nLicenseCnt;Is longint;SOAP output;"nLicenseCnt")
> SOAP DECLARATION(nMenusCnt;Is longint;SOAP output;"nMenusCnt")
> SOAP DECLARATION(nHome_VisitCnt;Is longint;SOAP output;"nHome_VisitCnt")
> SOAP DECLARATION(nParentCnt;Is longint;SOAP output;"nParentCnt")
> SOAP DECLARATION(nChildCnt;Is longint;SOAP output;"nChildCnt")
> SOAP DECLARATION(nMeal_CountCnt;Is longint;SOAP output;"nMeal_CountCnt")
> SOAP DECLARATION(nTrainingCnt;Is longint;SOAP output;"nTrainingCnt")
> SOAP DECLARATION(nWorksheetCnt;Is longint;SOAP output;"nWorksheetCnt")
>
> If ($fAuthentic)
> READ ONLY(*)
>
> C_TEXT($x

Re: Web Services - Receiving Complex Type

[JasonH via 4D_Tech]

I'm getting close being able to send a complex Doc style request to SAP, but
have a few slight differences which is causing it to fail.

SAP says they are expecting this (and I can send using SoapUI successfully).

http://schemas.xmlsoap.org/soap/envelope/;
xmlns:urn="urn:sap-com:document:sap:soap:functions:mc-style">
   
   

4D is sending this:
http://schemas.xmlsoap.org/soap/encoding/;
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/;
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/;
xmlns:xsd="http://www.w3.org/2001/XMLSchema;
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;>


The case is different on the tags, which they think is causing problems.  4D
is also seeming to add a Nul character after my request and the closing Body
tag.  Not sure how to fix either of these problems.



--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Services - Receiving Complex Type

[JasonH via 4D_Tech]

Does anyone have sample code or experience doing this?  I've not attempted
anything like that before and would be starting from scratch trying to
figure it out.


4D Tech mailing list wrote
> then perhaps you might want to switch to HTTP Request,
> XML commands and/or PROCESS 4D TAGS.





--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Services - Receiving Complex Type

[Keisuke Miyako via 4D_Tech]

SOAP (web services) were introduced in v2003,
when 4D had minimal XML commands and no HTTP client commands.

the wizard on the client side and declaration on the server side are great,
in that it takes care of the HTTP and XML layers,
but if the task seems beyond their capability 
then perhaps you might want to switch to HTTP Request,
XML commands and/or PROCESS 4D TAGS.
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Services - Receiving Complex Type

[Eric via 4D_Tech]

I make and consume WS calls all day between 4D and SAP ECC/SAP CRM.  My
ABAP guy continually reminds me that SAP does not like complex data types;
although he claims Text arrays are acceptable.  I have not not been able to
get Text arrays to work.

On the send side, I send well formed XML with multiple headers and 100's of
records without issue.  It takes a little work and a good ABAP programmer
but it is rock solid once you get it going.

The XML Structure is a little funky when consuming from SAP; depending on
the data complexity.  I now convert everything from XML to JSON. Here is a
great Tech Note if you are interested:  https://kb.4d.com/assetid=77416

On Tue, Feb 18, 2020 at 5:00 PM Jason Hect via 4D_Tech <4d_tech@lists.4d.com>
wrote:

>
> Hi David,
>
> Thanks for the response.  Yeah, this is basically what I am proposing we
> do. I'll define a blob parameter (and now I see 4D can define XML or DOM
> SOAP parameters too!), which they pass everything too.  I take the contents
> of that single parameter and parse it out.
>
> What the SAP team is telling me is I should be able to define a "record"
> (for lack of better term), which might have numerous parameters.  These can
> be int/real/string/boolean/array/etc.  That would all be for a single
> record entry.  But if SAP has 10 "records" to send, they don't want to call
> the web service 10 times, but rather call the web service once, with all 10
> records in that single call.
>
> Normally 4D makes it so easy to create and consume web services, but this
> is beyond my knowledge of SOAP and Web Services.  I'm 99% sure 4D can't do
> this, but was hoping for a definitive answer so I can let the SAP team know
> and move onward with other solutions.
>
> Hope that makes sense and grateful for any other insight you might have.
>
> Thank You!
> Jason
>
> -Original Message-
> From: "David Ringsmuth" 
> Sent: Tuesday, February 18, 2020 10:38am
> To: "4D iNug Technical" <4d_tech@lists.4d.com>
> Cc: "JasonH" 
> Subject: RE: Web Services - Receiving Complex Type
>
>
>
>
> Jason,
>
> I use 4D’s SOAP Webservice to receive hierarchical packets of records
> defined in XML.
>
> I’m not clear on your question, so please forgive me if I fail to answer
> it:
>
> C_TEXT(tMonitorPswd;tMonitorEmail;tCurrentMachine;tCurrentMachineOwner)
> C_TEXT($tMonitorPswd;$tMonitorEmail;$tCurrentMachine;$tCurrentMachineOwner)
> C_LONGINT(ws_errorCode)
> C_TEXT(ws_errorText)
> C_LONGINT($ws_errorCode)
> C_TEXT($ws_errorText)
> ws_errorCode:=0  // 0=No Error
> ws_errorText:=""
>
> C_BLOB(xBlob;xResult;$xBlob;$xResult)
> ARRAY TEXT(atProviderIDs;0)
>
> SOAP_Err_Handle_Install (1)
> ws_Debug
>
>   //compiler_web
>
> SOAP DECLARATION(tMonitorEmail;Is text;SOAP input;"MonitorEmail")
> SOAP DECLARATION(tMonitorPswd;Is text;SOAP input;"MonitorPswd")
> SOAP DECLARATION(tCurrentMachine;Is text;SOAP input;"CurrentMachine")
> SOAP DECLARATION(tCurrentMachineOwner;Is text;SOAP
> input;"CurrentMachineOwner")
>
> SOAP DECLARATION(xBlob;Is BLOB;SOAP input;"xBlob")
>
> SOAP DECLARATION(fAuthentic;Is boolean;SOAP output;"Authentic")
> SOAP DECLARATION(ws_errorCode;Is longint;SOAP output;"ws_ErrorCode")
> SOAP DECLARATION(ws_errorText;Is text;SOAP output;"ws_ErrorText")
> SOAP DECLARATION(xResult;Is BLOB;SOAP output;"xResult")
> SOAP DECLARATION(nCnt;Is longint;SOAP output;"nCnt")
> fAuthentic:=Monitor_Authenticate_Local
> (tMonitorEmail;tMonitorPswd;tCurrentMachine;tCurrentMachineOwner;Current
> method name)
> $fAuthentic:=fAuthentic
>
>
> ws_Declare_Cnts ("Init")
> SOAP DECLARATION(nProviderCnt;Is longint;SOAP output;"nProviderCnt")
> SOAP DECLARATION(nLicenseCnt;Is longint;SOAP output;"nLicenseCnt")
> SOAP DECLARATION(nMenusCnt;Is longint;SOAP output;"nMenusCnt")
> SOAP DECLARATION(nHome_VisitCnt;Is longint;SOAP output;"nHome_VisitCnt")
> SOAP DECLARATION(nParentCnt;Is longint;SOAP output;"nParentCnt")
> SOAP DECLARATION(nChildCnt;Is longint;SOAP output;"nChildCnt")
> SOAP DECLARATION(nMeal_CountCnt;Is longint;SOAP output;"nMeal_CountCnt")
> SOAP DECLARATION(nTrainingCnt;Is longint;SOAP output;"nTrainingCnt")
> SOAP DECLARATION(nWorksheetCnt;Is longint;SOAP output;"nWorksheetCnt")
>
> If ($fAuthentic)
> READ ONLY(*)
>
> C_TEXT($xml;$xPath;$xml_root;$tRIS;$tTableNo)
> C_POINTER($pTable)
>
> $xPath:="/Providers"
> $xml_root:=xmlRec_N

RE: Web Services - Receiving Complex Type

[Jason Hect via 4D_Tech]

Hi David,
 
Thanks for the response.  Yeah, this is basically what I am proposing we do. 
I'll define a blob parameter (and now I see 4D can define XML or DOM SOAP 
parameters too!), which they pass everything too.  I take the contents of that 
single parameter and parse it out.
 
What the SAP team is telling me is I should be able to define a "record" (for 
lack of better term), which might have numerous parameters.  These can be 
int/real/string/boolean/array/etc.  That would all be for a single record 
entry.  But if SAP has 10 "records" to send, they don't want to call the web 
service 10 times, but rather call the web service once, with all 10 records in 
that single call.
 
Normally 4D makes it so easy to create and consume web services, but this is 
beyond my knowledge of SOAP and Web Services.  I'm 99% sure 4D can't do this, 
but was hoping for a definitive answer so I can let the SAP team know and move 
onward with other solutions.
 
Hope that makes sense and grateful for any other insight you might have.
 
Thank You!
Jason
 
-Original Message-
From: "David Ringsmuth" 
Sent: Tuesday, February 18, 2020 10:38am
To: "4D iNug Technical" <4d_tech@lists.4d.com>
Cc: "JasonH" 
Subject: RE: Web Services - Receiving Complex Type




Jason,
 
I use 4D’s SOAP Webservice to receive hierarchical packets of records defined 
in XML.
 
I’m not clear on your question, so please forgive me if I fail to answer it:
 
C_TEXT(tMonitorPswd;tMonitorEmail;tCurrentMachine;tCurrentMachineOwner)
C_TEXT($tMonitorPswd;$tMonitorEmail;$tCurrentMachine;$tCurrentMachineOwner)
C_LONGINT(ws_errorCode)
C_TEXT(ws_errorText)
C_LONGINT($ws_errorCode)
C_TEXT($ws_errorText)
ws_errorCode:=0  // 0=No Error
ws_errorText:=""
 
C_BLOB(xBlob;xResult;$xBlob;$xResult)
ARRAY TEXT(atProviderIDs;0)
 
SOAP_Err_Handle_Install (1)
ws_Debug
 
  //compiler_web
 
SOAP DECLARATION(tMonitorEmail;Is text;SOAP input;"MonitorEmail")
SOAP DECLARATION(tMonitorPswd;Is text;SOAP input;"MonitorPswd")
SOAP DECLARATION(tCurrentMachine;Is text;SOAP input;"CurrentMachine")
SOAP DECLARATION(tCurrentMachineOwner;Is text;SOAP input;"CurrentMachineOwner")
 
SOAP DECLARATION(xBlob;Is BLOB;SOAP input;"xBlob")
 
SOAP DECLARATION(fAuthentic;Is boolean;SOAP output;"Authentic")
SOAP DECLARATION(ws_errorCode;Is longint;SOAP output;"ws_ErrorCode")
SOAP DECLARATION(ws_errorText;Is text;SOAP output;"ws_ErrorText")
SOAP DECLARATION(xResult;Is BLOB;SOAP output;"xResult")
SOAP DECLARATION(nCnt;Is longint;SOAP output;"nCnt")
fAuthentic:=Monitor_Authenticate_Local 
(tMonitorEmail;tMonitorPswd;tCurrentMachine;tCurrentMachineOwner;Current method 
name)
$fAuthentic:=fAuthentic
 
 
ws_Declare_Cnts ("Init")
SOAP DECLARATION(nProviderCnt;Is longint;SOAP output;"nProviderCnt")
SOAP DECLARATION(nLicenseCnt;Is longint;SOAP output;"nLicenseCnt")
SOAP DECLARATION(nMenusCnt;Is longint;SOAP output;"nMenusCnt")
SOAP DECLARATION(nHome_VisitCnt;Is longint;SOAP output;"nHome_VisitCnt")
SOAP DECLARATION(nParentCnt;Is longint;SOAP output;"nParentCnt")
SOAP DECLARATION(nChildCnt;Is longint;SOAP output;"nChildCnt")
SOAP DECLARATION(nMeal_CountCnt;Is longint;SOAP output;"nMeal_CountCnt")
SOAP DECLARATION(nTrainingCnt;Is longint;SOAP output;"nTrainingCnt")
SOAP DECLARATION(nWorksheetCnt;Is longint;SOAP output;"nWorksheetCnt")
 
If ($fAuthentic)
READ ONLY(*)
   
C_TEXT($xml;$xPath;$xml_root;$tRIS;$tTableNo)
C_POINTER($pTable)
   
$xPath:="/Providers"
$xml_root:=xmlRec_NewRecord ("Providers")
$pTable:=->[Provider]
$tTableNo:=String(Table($pTable))
   
   
ARRAY TEXT($atProviderIDs;0)
BLOB TO VARIABLE(xBlob;$atProviderIDs)
   
QUERY WITH ARRAY([Provider]ID;$atProviderIDs)
   
$tRIS:=String(Records in selection([Provider]))
DOM SET XML 
ATTRIBUTE($xml_root;"TableNo";$tTableNo;"Selection";$tRIS)
   
C_LONGINT($i;$k;nCnt)
nCnt:=0
nProviderCnt:=Size of array($atProviderIDs)
   
Web_Log_SOAP (Current method name;"Getting "+String(Size of 
array($atProviderIDs))+" Provider(s) and Related")
   
For ($i;1;Size of array($atProviderIDs))
   

QUERY([Provider];[Provider]ID=$atProviderIDs{$i})
   
Case of
: (Records 

Web Services - Receiving Complex Type

[JasonH via 4D_Tech]

Forgive the double post, but my first was in the general "4D" forum and 4D
tech support suggested posting in the "4D Tech" forum.  I'm not sure if
people look at both forums, hence the double post.

---

I need to define a 4D web service called by SAP sending multiple records in
a single request.  In a nutshell 4D will be uploading a bunch of sales
orders to SAP, and SAP will invoice and return all the invoice numbers in
one request.  Something like:


 
  
   
   
  
 


I don't see any way to do this when defining the web service in 4D with SOAP
DECLARATION?  Anything I do is defined as a single occurrence only.  I
suggested having SAP send 2 matched arrays, which I can do by declaring the
input as type array, but they don't want to do that. 



--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: Web Area not visible

[Mitchell Shiller via 4D_Tech]

Hi,

A combination of things solved my problems.

1) If you have multiple web areas on the same page, make sure that the have 
different variable and object names.
2) Be sure and define the variables for the URL and the Progress.

Let me know if that works.

Mitch

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: Web Area not visible

[Piotr Chabot Stadhouders via 4D_Tech]

Hi Jeremy,

First of all the best wishes for 2020

I have the same problem, I am interested in your solution, and sort of 
understand it, but not completely
Some people say loading the content from disk with WA OPEN URL solves the 
problem, but I don't like this because of potential critical information in the 
HTML

So, when having a variable with HTML content in it, that I want to show on 
load, without having to save it on disk where do I put the HTML content?

Thanks in advance,
Piotr Chabot Stadhouders
Rotterdam, Netherlands

-Oorspronkelijk bericht-
Van: Jeremy French  
Verzonden: vrijdag 8 november 2019 04:48
Aan: 4D iNUG Technical <4d_tech@lists.4d.com>
CC: Mitchell Shiller 
Onderwerp: Re: Web Area not visible

Hi Mitch,

I resolved the failure (of the embedded web engine to display when a form 
loads) by calling (in the form's Form Method) the following:

Case of
: (Form event=On Load)

JFU_WEB_AREA_DISPLAY_FIX ("webArea")
SET TIMER(-1)

: (Form event=On Timer)

JFU_WEB_AREA_DISPLAY_FIX ("webArea")
SET TIMER(0)

End case 

JFU_WEB_AREA_DISPLAY_FIX executes:

WA OPEN URL(*;$objName_webArea_t;"about:blank")
WA SET PAGE CONTENT(*;$objName_webArea_t;"";"file:///")

Best regards,
- Jeremy French

> On Nov 7, 2019, at 3:06 PM, Mitchell Shiller via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> Anyone else notice this problem?


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: WEB GET BODY PART / VARIABLE TO BLOB / WEB SEND BLOB

[Keisuke Miyako via 4D_Tech]

Hello,

looks like you are using the wrong command for conversion.

v. to blob creates byte stream that only 4D understands.

should use "picture to blob" instead.

> 2019/12/19 1:02、Tim Daniels via 4D_Tech <4d_tech@lists.4d.com>のメール:
>
> *VARIABLE TO BLOB*([Routing_file]File;$blob)
> *WEB SEND BLOB*($blob;$[Routing_file]MimeType)
> BUT, it doesn't work for pictures. Any idea why?




**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

WEB GET BODY PART / VARIABLE TO BLOB / WEB SEND BLOB

[Tim Daniels via 4D_Tech]

I have a form to submit documents to 4D and use the WEB GET BODY PART to
locate the document and store it:








*WEB GET BODY PART*($loop;$ContentBlob;$PartName;$MimeType;$FileName)

*If* ($PartName="wo_file")

[Routing_file]File:=$ContentBlob // field is of type BLOB

[Routing_file]MimeType:=$MimeType

*End if*


Later, the file is served up from the database which works for most file
types (pdf, etc.)


*VARIABLE TO BLOB*([Routing_file]File;$blob)

*WEB SEND BLOB*($blob;$[Routing_file]MimeType)


BUT, it doesn't work for pictures. Any idea why?
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Naming a web process

[Keisuke Miyako via 4D_Tech]

Haven’t tried with HTTP processes, but have you looked into

https://blog.4d.com/whos-who-a-new-way-to-identify-users/

2019/12/08 20:37、Uist Macdonald via 4D_Tech 
<4d_tech@lists.4d.com<mailto:4d_tech@lists.4d.com>>のメール:
Is it possible to name a web session so that the name is visible in 4D Server 
Processes tab?  I know, Why would you want to do that?



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

web area and memory use

[Piotr Chabot Stadhouders via 4D_Tech]

Hi,

Windows 64 bit, 4D v17r5, Embedded rendering engine

We use 4D Web Area to show some HTML based reports
The reports are formatted by CSS and on some of the elements we enabled user 
interaction with Javascript
Sometimes there cab be quite an amount of HTML elements in the report, because 
of a lot of data

Anyway, when generating quite a large report with CSS and Javascript embedded, 
and show this in a web area, can someone tell me if there are some (memory) 
limits on this?
I am asking this because some of our users now and then, suddenly, get blank 
output while this shouldn’t be the case
Is there a way to see memory usage? Are there known memory leaks? I am touching 
in the dark with this, but my feeling is we are having a web area memory problem

I hop someone can help me,
Piotr

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Naming a web process

[Uist Macdonald via 4D_Tech]

Is it possible to name a web session so that the name is visible in 4D 
Server Processes tab?  I know, Why would you want to do that?


Uist

--

Ceres Computer Consultants Ltd

Registered Office:
South Scotstarvit
Chance Inn
Cupar
Fife KY15 5QJ

+44 (0) 1334 828002

Registered in Scotland : SC107838

An ISO 9001 registered company.

This message including any attachments, is intended and authorized for
the addressee only, and may contain privileged and/or confidential
information.  If you are not the authorized addressee, you are not
authorized to either review or disseminate this message.  Accordingly,
if you are not the intended and authorized recipient, please disregard
this message and notify the sender.  If you are the authorized
addressee, you may use this for the purpose for which it was intended; a
direct, personal communication to you and your legal agents.  You may
not distribute it to or publish it in any public forum without prior,
specific, written permission from the sender.
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Tom Swenson via 4D_Tech]

My two cents:

Many valuable suggestions in this thread on front ends, serving static files, 
etc.

I'd bet most of the auditors are searching for things like SQL injection 
attacks. They probably won't be able to find any of those on a 4D web server 
and most won't know enough about 4D to craft similar attacks. 

However, ...

Someone knowledgeable in 4D (a _very_ small set of people compared to those who 
are conversant in SQL) might be possible to form similar injection style 
attacks on a given codebase. At the least, with any use of php, you should 
parameterize, type check, and sanity check any input from forms, web services, 
and suchlike.

Tom Swenson 



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Paul Dennis via 4D_Tech]

I assumed this was internet facing hence my Nginx comments. As well as
serving the static content Nginx or Apache as a proxy supports Lets Encrypt
so you dont have to worry about ssl. If you proxy nginx does the ssl bit and
as long as its on localhost you can connect to 4D on port 80 which is a lot
faster. 



--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Bruno LEGAY via 4D_Tech]

Hi,

> 
> I get comfort from all the efforts that 4D has made to be very secure, but 
> when a customer hands you a 644 cyber security audit report and says “Address 
> these issues”, I need to know where to begin.
> 
> It’s one thing for 4D to be able to say their product can pass all security 
> audits, but there seem to be myriad ways for a developer to compromise that 
> security by not following best practices. Most 4D developers are not cyber 
> security experts, so we rely on best practices to guide us.

We work on a regular basis for a company which is very strict on security.
This is not a big projet. Rather a side projet for them. The server is nowhere 
near connected to their main infrastructure, but still they apply their 
security standards for the project.

The project was done with PHP and Laravel (not by me but by a colleague who is 
fluent in php). I realize it won't help you directly in term of 4D web site, 
but we generally learnt from this process.

Every change to the web site goes through security audit from an large 
independent security (Orange Cyberdefense).
1. functional test
2. bug fix
3. final functional validation. 

4. security audit (with a report)
5..fixing security issues
6. counter security audit (with report to confirm security issue are 
fixed)

7. site deployed in production

The site only goes live when the counter security audit is successful (security 
issues all addressed).

We have to provide a technical documentation upfront
- versions of system, tools, libraries, framework used
- we describe the architecture of the solution
- we provide login and password for the tested application (so the can 
pretend to be a user).

An audit configuration is delivered (similar to production but access 
restricted to the ip adresses of the audit company).

From what I have seen (looking at the logs we record during the audit, from the 
report)
- they run automated test to check for standard problem (port scans, 
check for CVE/ exploits, malicious urls, etc...)
- they try classic sql injections, xss attacks
- they got us to adjust the apache configuration (restrict TLS ciphers 
to higher standards, prevent apache to reveal its version, disable some default 
insecure apache options, etc...)
- they asked us to add re-captcha (to mitigate brute force attacks on 
login page)
- they made us fix security issues in the javascript

Since we use a decent framework (Laravel) we did not have many security issues. 
I suppose it would have been much worse if we did write a php site from 
scratch...

What amazes me is that they come up with new things to fix at every 
iteration... Every time, we deal with different people, their expectation level 
seem to be raised each time. 

> Is there a concise comprehensive guide to best practices for 4D development 
> with respect to Web Security? If not, I think this would be a great Tech 
> Note/Summit Session. 
+1 for a session at the summit.

HTH
Bruno LEGAY
A Consulting



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Doug Hall via 4D_Tech]

I use Nginx as a reverse proxy, as well (running on a Mac, though.) I'm in
the process of converting to 4D v17, so I can't speak to it's latest
performance as a web server, but Nginx has better performance (unless I
configured 4D incorrectly) at serving static files than v15. So, I have it
set up to intercept calls to css, javascript, and image files (on a
specific location), and serve those directly. Also, Nginx serves the secure
socket layer, so it's configured with the certificate information. The 4D
remote (proxy) connection behind it, is unsecured, and (from what I've been
told from other posters) more performant and more reliable that way. I
didn't test it personally, but it is very fast. We use Active4D on a 4D
remote connection, with a separate 4D Server.

Doug

On Sat, Nov 23, 2019 at 3:50 AM Paul Dennis via 4D_Tech <
4d_tech@lists.4d.com> wrote:

> I always run 4d webserver behind an niginx web proxy. Nginx can server
> static
> content then forward valid requests. You can use the rewrite rules to
> validate requests. 4D then does the rest via on web Connection
> authentication. Nginx is open source, I run the Windows version as a
> service.
>
> http://nginx-win.ecsds.eu/
>
> Paul
>
>
>
> --
> Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Ronald Rosell via 4D_Tech]

(Sorry, sent this earlier but “from” the wrong email address so the list didn’t 
pick it up.)

A few things to consider:

1) Even if you’re only serving dynamic pages, you can configure a front-end 
server to directly serve images and Javascript files, letting everything else 
proxy through to 4D.  That will offload a lot of “static” processing from your 
database.

2) If you’re supporting multiple domains, having a front-end will let you serve 
virtual domains, each with its own TLS certificate.  Then you can just 
proxypass to the port the database is listening to (excluding .js, .jpg, and 
other static files).

3) The Mac (and, I believe, Windows) both require workarounds to have 4D listen 
to port 80, such as having the database run as root.  Using Apache or IIS as a 
front-end with a proxy, the database can listen to a higher-range port.


I hope this is helpful!

Ron Rosell
__

Ron Rosell
President
StreamLMS

301-3537 Oak Street
Vancouver, BC V6H 2M1
Canada

Direct phone (all numbers reach me)
Vancouver: (+1) (604) 628-1933  |  Seattle: (+1) (425) 956-3570  |  Palm Beach: 
(+1) (561) 351-6210 
email: r...@streamlms.com <mailto:r...@streamlms.com>  |  fax: (+1) (815) 
301-9058  |  Skype: ronrosell

> On Nov 25, 2019, at 1:19 PM, Richard Wright via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> I’m only interested in serving through On Web Connection, no static pages. So 
> why do I need anything in front of 4D? Are there known vulnerabilities in 4D 
> other than bad programming? Is there anyway to “break” into the data? Or 
> “break” into files that don’t exist in the web folder? What does putting 
> something in front of 4D gain?

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Tom Benedict via 4D_Tech]

I get comfort from all the efforts that 4D has made to be very secure, but when 
a customer hands you a 644 cyber security audit report and says “Address these 
issues”, I need to know where to begin.

It’s one thing for 4D to be able to say their product can pass all security 
audits, but there seem to be myriad ways for a developer to compromise that 
security by not following best practices. Most 4D developers are not cyber 
security experts, so we rely on best practices to guide us.

Is there a concise comprehensive guide to best practices for 4D development 
with respect to Web Security? If not, I think this would be a great Tech 
Note/Summit Session. 

Tom Benedict

> Lutz,
> 
> Perfect, this is the information I was looking for.
> 
> In the Apache example, when you say you are running multiple instances of 
> your application, are you manually implementing the load balancing or somehow 
> have Apache performing the load balancing?  
> 
> This load balancing is something of great interest to me, especially when 
> wanting to run multiple instances, but it is an area I'm not very strong in.  
> Are you using 4D Client as the "instances" all pointing to a single 4D Server?
> 
> Any insight is appreciated!
> 
> Best,
> 
> Steve

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

AW: 4D Web Server Security

[Epperlein, Lutz (agendo) via 4D_Tech]

Steve,

we don't do any load balancing, so I'm afraid I can't contribute anything. But 
that's an interesting area.

Regards
Lutz

-Ursprüngliche Nachricht-
Betreff: RE: 4D Web Server Security

Lutz,

Perfect, this is the information I was looking for.

In the Apache example, when you say you are running multiple instances of your 
application, are you manually implementing the load balancing or somehow have 
Apache performing the load balancing?  

This load balancing is something of great interest to me, especially when 
wanting to run multiple instances, but it is an area I'm not very strong in.  
Are you using 4D Client as the "instances" all pointing to a single 4D Server?

Any insight is appreciated!

Best,


Steve
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: 4D Web Server Security

[Stephen J. Orth via 4D_Tech]

Lutz,

Perfect, this is the information I was looking for.

In the Apache example, when you say you are running multiple instances of your 
application, are you manually implementing the load balancing or somehow have 
Apache performing the load balancing?  

This load balancing is something of great interest to me, especially when 
wanting to run multiple instances, but it is an area I'm not very strong in.  
Are you using 4D Client as the "instances" all pointing to a single 4D Server?

Any insight is appreciated!

Best,


Steve


-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of Epperlein, Lutz 
(agendo) via 4D_Tech
Sent: Tuesday, November 26, 2019 8:34 AM
To: '4D iNug Technical' <4d_tech@lists.4d.com>
Cc: Epperlein, Lutz (agendo) 
Subject: AW: 4D Web Server Security

It depends ...
If the customer wants to run the application on their own (virtual) hardware 
then port 80 and/or 443 is used. But this run configuration isn't in the focus 
of the audits.

In all other cases, application is accessible over the internet, we use an 
Apache web server in front. But the reason for that aren't security 
considerations, it is simply because we run multiple instances of our 
application behind it and we configure different virtual hosts for the Apache 
server, each virtual host works as a reverse proxy/gateway for each app 
instance. Then every application runs on an different port. From the outside it 
appears as port 80, since the Apache runs on this port.

The audits have different areas, so they pay special attention to our rather 
exotic server software. But as I said, the IT security guys were surprised 
about the high standard of 4D.

Regards
Lutz


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Neil Dennis via 4D_Tech]

>What port are you serving your web application on?

I’m not Lutz, but to be secure you will need https over port usually 443. You 
will need to create certs with an authority and have them installed.

Neil

—




**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

AW: 4D Web Server Security

[Epperlein, Lutz (agendo) via 4D_Tech]

It depends ...
If the customer wants to run the application on their own (virtual) hardware 
then port 80 and/or 443 is used. But this run configuration isn't in the focus 
of the audits.

In all other cases, application is accessible over the internet, we use an 
Apache web server in front. But the reason for that aren't security 
considerations, it is simply because we run multiple instances of our 
application behind it and we configure different virtual hosts for the Apache 
server, each virtual host works as a reverse proxy/gateway for each app 
instance. Then every application runs on an different port. From the outside it 
appears as port 80, since the Apache runs on this port.

The audits have different areas, so they pay special attention to our rather 
exotic server software. But as I said, the IT security guys were surprised 
about the high standard of 4D.

Regards
Lutz

-Ursprüngliche Nachricht-
Betreff: RE: 4D Web Server Security

Lutz,

What port are you serving your web application on?

Steve

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: 4D Web Server Security

[Stephen J. Orth via 4D_Tech]

Lutz,

What port are you serving your web application on?

Steve

-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of Epperlein, Lutz 
(agendo) via 4D_Tech
Sent: Tuesday, November 26, 2019 2:31 AM
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: Epperlein, Lutz (agendo) 
Subject: AW: 4D Web Server Security

To be a bit illustrative ...
From time to time we have to undergo security audits of our web application. 
The last time the IT security consultant, who made the audit, said he never 
found an application which so few security issues, because there weren’t any.
Mostly they find some issues.


-Ursprüngliche Nachricht-
Betreff: Re: 4D Web Server Security

I’m only interested in serving through On Web Connection, no static pages. So 
why do I need anything in front of 4D? Are there known vulnerabilities in 4D 
other than bad programming? Is there anyway to “break” into the data? Or 
“break” into files that don’t exist in the web folder? What does putting 
something in front of 4D gain?


Richard Wright
DataDomain
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

AW: 4D Web Server Security

[Epperlein, Lutz (agendo) via 4D_Tech]

To be a bit illustrative ...
From time to time we have to undergo security audits of our web application. 
The last time the IT security consultant, who made the audit, said he never 
found an application which so few security issues, because there weren’t any.
Mostly they find some issues.


-Ursprüngliche Nachricht-
Betreff: Re: 4D Web Server Security

I’m only interested in serving through On Web Connection, no static pages. So 
why do I need anything in front of 4D? Are there known vulnerabilities in 4D 
other than bad programming? Is there anyway to “break” into the data? Or 
“break” into files that don’t exist in the web folder? What does putting 
something in front of 4D gain?


Richard Wright
DataDomain
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: 4D Web Server Security

[Dennis, Neil via 4D_Tech]

>> What does putting something in front of 4D gain?

4D claims and I have tested, out of the box 4d will get A+ ratings on security 
checks... as long as you are using the latest version and latest operating 
systems you are OK.


Neil


--




Privacy Disclaimer: This message contains confidential information and is 
intended only for the named addressee. If you are not the named addressee you 
should not disseminate, distribute or copy this email. Please delete this email 
from your system and notify the sender immediately by replying to this email.  
If you are not the intended recipient you are notified that disclosing, 
copying, distributing or taking any action in reliance on the contents of this 
information is strictly prohibited.

The Alternative Investments division of UMB Fund Services provides a full range 
of services to hedge funds, funds of funds and private equity funds.  Any tax 
advice in this communication is not intended to be used, and cannot be used, by 
a client or any other person or entity for the purpose of (a) avoiding 
penalties that may be imposed on any taxpayer or (b) promoting, marketing, or 
recommending to another party any matter addressed herein.
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Richard Wright via 4D_Tech]

I’m only interested in serving through On Web Connection, no static pages. So 
why do I need anything in front of 4D? Are there known vulnerabilities in 4D 
other than bad programming? Is there anyway to “break” into the data? Or 
“break” into files that don’t exist in the web folder? What does putting 
something in front of 4D gain?


Richard Wright
DataDomain
rwri...@datadomainsoftware.com


> Date: Sat, 23 Nov 2019 03:04:43 -0700 (MST)
> From: Paul Dennis  <mailto:i...@completepicture.co.uk>>
> 
> I always run 4d webserver behind an niginx web proxy. Nginx can server static
> content then forward valid requests. You can use the rewrite rules to
> validate requests. 4D then does the rest via on web Connection
> authentication. Nginx is open source, I run the Windows version as a
> service.
> 
> http://nginx-win.ecsds.eu/ <http://nginx-win.ecsds.eu/>
> 
> Paul

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Server Security

[Paul Dennis via 4D_Tech]

I always run 4d webserver behind an niginx web proxy. Nginx can server static
content then forward valid requests. You can use the rewrite rules to
validate requests. 4D then does the rest via on web Connection
authentication. Nginx is open source, I run the Windows version as a
service.

http://nginx-win.ecsds.eu/

Paul



--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: 4D Web Server Security

[Randy Engle via 4D_Tech]

Richard,

Just a few thoughts:

This is a topic that is very near and dear to me.
I don't have it completely handled yet, but getting close.
More and more organizations are running cyber scans and getting very, very 
picky about things

RE: If I understand things correctly, the outside world only has access to 
static pages in the web folder and everything else goes through On Web 
Connection and it has to pass through On Web Authentication first.

The above  is not quite true

If you have a "Web" folder, that is published by 4D, and you have a file in 
that folder:  foobar.html
Someone from the outside can access it without going through on web connection: 
 http://myweb/foobar.html

Many people are recommending a "decoy" web folder, and then putting the real 
McCoy into another folder (outside of the web folder) that gets accessed 
programmatically.  In our case, I'm loading the contents of the file, running 
PROCESS 4D TAGS, and then publishing using WEB SEND BLOB.  This keeps someone's 
little mits off of the actual file.

But this is not enough in many cases with cyber security depts these days.
I'm in the process of building a faux "Web Application Firewall" in 4D, that 
runs in the ON WEB AUTHENTICATION method.

Using a 3rd party like Cloudflare can handle some of these items, e.g. DDOS 
attacks and some of the Firewall stuff.
As well, you can put something like Apache or NGINIX in front of your 4D App, 
and configure the Web Firewall there.
However many cyber security depts want to know that your web app is secure 
without 3rd party stuff.

Currently I'm working on building a "White List" of any possbile URLs to our 
web app.
If it ain't in the White List, it doesn't get past ON WEB AUTHENTICATION.
I just have to be careful to make sure that I add any new URLs to the White 
list.

These are just a few items that I'm trying, don't know how the next cyber scan 
will turn out.

There are many other 4D folks who can chime in here as well.

Randy Engle


-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of Richard Wright via 
4D_Tech
Sent: Thursday, November 21, 2019 1:43 PM
To: 4d_tech@lists.4d.com
Cc: Richard Wright 
Subject: 4D Web Server Security

Anyone care to share their experience and insights as to the security of the 4D 
Web Server? There’s lots of talk these days about DOS and putting in a DMZ, but 
what is really necessary in 4D land? If I understand things correctly, the 
outside world only has access to static pages in the web folder and everything 
else goes through On Web Connection and it has to pass through On Web 
Authentication first.


Richard Wright
DataDomain
rwri...@datadomainsoftware.com <mailto:rwri...@datadomainsoftware.com>


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

4D Web Server Security

[Richard Wright via 4D_Tech]

Anyone care to share their experience and insights as to the security of the 4D 
Web Server? There’s lots of talk these days about DOS and putting in a DMZ, but 
what is really necessary in 4D land? If I understand things correctly, the 
outside world only has access to static pages in the web folder and everything 
else goes through On Web Connection and it has to pass through On Web 
Authentication first.


Richard Wright
DataDomain
rwri...@datadomainsoftware.com <mailto:rwri...@datadomainsoftware.com>


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Area, 4D method Parameters

[Mitchell Shiller via 4D_Tech]

Thanks. That did it.
>> 
> 
> It probably should be 
> 
>  
> --
> 
> Peter Bozek
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Area, 4D method Parameters

[Peter Bozek via 4D_Tech]

On Mon, Nov 11, 2019 at 10:29 PM Mitchell Shiller via 4D_Tech <
4d_tech@lists.4d.com> wrote:

>
>
> BUT, $1 is blank. Anyone know why $1 does not pick up the “Row 1” or “Row
> 2”?
>
> Thanks. Probably pretty basic but I am very novice with HTML.
>
>
It probably should be


--

Peter Bozek
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Area, 4D method Parameters

[Keisuke Miyako via 4D_Tech]

should not the string argument be quoted? since you are already inside double 
quotation you should use single quotes. alternatively you could pass the 
javascript 'event' object.



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Web Area, 4D method Parameters

[Mitchell Shiller via 4D_Tech]

Hi,

Starting working on displaying a table in a web area.
Have my HTML working correctly. i.e. my 4D data is displaying correctly.

My goal is to run a 4D method when clicking on a table row.

My table row is populated with the following HTML (rest of document left out 
for brevity sake);


  Miscellaneous 4D data 



  Next 4D data 



WA_CLICK has the following 4D code;

C_TEXT($1;$Text)
TRACE
$Text:=$1
ALERT("Web Area Clicked"+$Text)

I load the html and the all is fine.
I click on the line and the 4D method is called and stops at the TRACE.

BUT, $1 is blank. Anyone know why $1 does not pick up the “Row 1” or “Row 2”?

Thanks. Probably pretty basic but I am very novice with HTML.

Thanks

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Application and SAML or OpenID Connect

[Keith White via 4D_Tech]

Hi

Thanks for all the responses.   As always, there is more than one way to do it.

Looks like OpenID Connect may be simpler.  We've already got some OAuth code in 
use for external application interfaces.

Best regards

Keith White
Synergist Express Ltd, UK.
4697775
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Area not visible

[Jeremy French via 4D_Tech]

Hi Mitch,

I resolved the failure (of the embedded web engine to display when a form 
loads) by calling (in the form's Form Method) the following:

Case of
: (Form event=On Load)

JFU_WEB_AREA_DISPLAY_FIX ("webArea")
SET TIMER(-1)

: (Form event=On Timer)

JFU_WEB_AREA_DISPLAY_FIX ("webArea")
SET TIMER(0)

End case 

JFU_WEB_AREA_DISPLAY_FIX executes:

WA OPEN URL(*;$objName_webArea_t;"about:blank")
WA SET PAGE CONTENT(*;$objName_webArea_t;"";"file:///")

Best regards,
- Jeremy French

> On Nov 7, 2019, at 3:06 PM, Mitchell Shiller via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> Anyone else notice this problem?

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Area not visible

[Mitchell Shiller via 4D_Tech]

Thanks Kirk. That did it.

Mitch
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Area not visible

[Kirk Brooks via 4D_Tech]

Mitch,
Well I confirm that if you enable the web kit and don't have a url the area
is blank.

But if I set and load a url the are appears as expected. And in this
configuration looks exactly the same as running without.

On Thu, Nov 7, 2019 at 12:06 PM Mitchell Shiller via 4D_Tech <
4d_tech@lists.4d.com> wrote:

> Kirk,
>
> I could run Chrome on it, but I need to access 4D methods and that
> requires the embedded engine.
>
> Anyone else notice this problem?
>
>  Takes 1 minute to recreate. New dB. Create a form. Put a web area on it.
> Select use embedded engine. Run form.
>
> Just want to know if it is particular to my setup or if it is A 4D bug?
>
> Thanks
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **



-- 
Kirk Brooks
San Francisco, CA
===

What can be said, can be said clearly,
and what you can’t say, you should shut up about

*Wittgenstein and the Computer *
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Area not visible

[Mitchell Shiller via 4D_Tech]

Kirk,

I could run Chrome on it, but I need to access 4D methods and that requires the 
embedded engine.

Anyone else notice this problem?

 Takes 1 minute to recreate. New dB. Create a form. Put a web area on it. 
Select use embedded engine. Run form.

Just want to know if it is particular to my setup or if it is A 4D bug?

Thanks
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web Area not visible

[Kirk Brooks via 4D_Tech]

Mitch,
The web engine has been changed in 16r2 to Blink.
https://kb.4d.com/assetid=77745

Are you able to run Chrome on this Mac?


On Wed, Nov 6, 2019 at 12:03 PM Mitchell Shiller via 4D_Tech <
4d_tech@lists.4d.com> wrote:

> Hi,
>
> MacOs 12.6
> 4D v17R6
>
> Create a form.
> Put a Web Area on it.
> Open the form and the Web Area is visible.
>
> Same layout. Select “Use embedded Web rendering engine”.
> Open the form and the Web Area is not visible
>
> Any ideas? What am I missing?
>
> Thanks
>
> Mitch
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **



-- 
Kirk Brooks
San Francisco, CA
===

What can be said, can be said clearly,
and what you can’t say, you should shut up about

*Wittgenstein and the Computer *
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Web Area not visible

[Mitchell Shiller via 4D_Tech]

Hi,

MacOs 12.6 
4D v17R6

Create a form.
Put a Web Area on it.
Open the form and the Web Area is visible.

Same layout. Select “Use embedded Web rendering engine”.
Open the form and the Web Area is not visible

Any ideas? What am I missing?

Thanks

Mitch
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Application and SAML or OpenID Connect

[Rob Laveaux via 4D_Tech]

> On 5 Nov 2019, at 17:53, Narinder Chandi via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Has anyone done work on implementing either SAML or OpenID Connect protocol 
> in native 4D code for single sign-on in 4D Web Applications?   I know about 
> 4D's work on single sign on using Active Directory and/or LDAP etc, but this 
> question is specifically for SAML or OpenID Connect.

Hi Keith,

Yes, I have experience with Open ID Connect. A customer of mine got the 
requirement to handle user authentication through an OpenID Connect provider. I 
think the customer was using Microsoft’s Azure Active Directory. So basically I 
had to replace the login screen of their desktop application with the login 
screen of the OpenID provider. If you are familiar with OAuth2, then it works 
quite the same. In a web area we show the provider’s login screen. Upon 
successful login, the 4D app receives a JSON Web Token (JWT), that contains the 
user’s information with a digital signature on it. This JWT then needed to be 
verified against X509 digital certificates in the JWKS format. That was a bit 
more of a technical challenge, but I developed this functionality for NTK 
Plugin.

I do not remember the exact details because it is almost 2 years ago that I 
have developed this.
But let me know if you have any questions or need help.

Kind regards,

- Rob Laveaux


Pluggers Software
Scholekstersingel 48
2496 MP  Den Haag
The Netherlands

Email: rob.lave...@pluggers.nl
Website: http://www.pluggers.nl





**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

AW: 4D Web Application and SAML or OpenID Connect

[Epperlein, Lutz (agendo) via 4D_Tech]

Hi,

we do something in this area. We use an Apache webserver in front of the 4D web 
server as a reverse proxy or gateway. There is an Apache module called 
mod_auth_openidc (https://github.com/zmartzone/mod_auth_openidc) which is 
configured to use an external identity provider (IP). In our case this is a 
Keycloak server (https://www.keycloak.org/).
On the 4D side you have to check the additional headers delivered by the module 
only. 
Further questions regarding the configuration of the module I'm not able to 
answer, this were done by external colleagues. There is comprehensive 
documentation on the mentioned websites.

Regards
Lutz Epperlein






**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Application and SAML or OpenID Connect

[Narinder Chandi via 4D_Tech]

Keith,

Hi. It looks like it would be a lot of work to do a native implementation of 
OIDC in 4D?

Why not instead look at providing support for services such as OneLogin, Auth0, 
AWS Cognito instead? Certainly the former 2 of those appear to offer REST APIs 
to. Cognito doesn't offer a REST API but there is a PHP library (I did an 
integration with that last year, non-4D solution) but for your purposes you can 
avoid PHP I think by integrating with the aws-cli and LEP?

Regards,
Narinder Chandi,
ToolBox Systems Ltd.
https://toolbox.systems
 
I am available for new consulting opportunities…
http://4d.1045681.n5.nabble.com/ANN-4D-Developer-Available-td5765443.html
-- 

-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> on behalf of 4D Tech Mailing List 
<4d_tech@lists.4d.com>
Reply-To: 4D Tech Mailing List <4d_tech@lists.4d.com>
Date: Monday, 4 November 2019 at 18:01
To: 4D Tech Mailing List <4d_tech@lists.4d.com>
Cc: Keith White 
Subject: 4D Web Application and SAML or OpenID Connect

Hi

Has anyone done work on implementing either SAML or OpenID Connect protocol 
in native 4D code for single sign-on in 4D Web Applications?   I know about 
4D's work on single sign on using Active Directory and/or LDAP etc, but this 
question is specifically for SAML or OpenID Connect.

Services like https://www.onelogin.com/ support these protocols and we're 
being asked more about it.

PHP is one way I suppose, but we currently don't use PHP and I'd prefer a 
native 4D solution.

Many thanks.

Best regards

Keith White
Synergist Express Ltd, UK.
4697775
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

4D Web Application and SAML or OpenID Connect

[Keith White via 4D_Tech]

Hi

Has anyone done work on implementing either SAML or OpenID Connect protocol in 
native 4D code for single sign-on in 4D Web Applications?   I know about 4D's 
work on single sign on using Active Directory and/or LDAP etc, but this 
question is specifically for SAML or OpenID Connect.

Services like https://www.onelogin.com/ support these protocols and we're being 
asked more about it.

PHP is one way I suppose, but we currently don't use PHP and I'd prefer a 
native 4D solution.

Many thanks.

Best regards

Keith White
Synergist Express Ltd, UK.
4697775
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web aficionados - Not allow user to access file directly

[Paul Dennis via 4D_Tech]

Hello Tom,

The advantage of the nginx proxy approach is speed and serving multiple
domains or sites. For example we have our main site running under the Joomla
CMS (no point reinventing the wheel). Nginx proxies requests between joomla
and 4D for our 4D Quote system and it is transparent to the user.  See
https://www.youdopet.com/  With Nginx on the public IP address gives a lot
of flexibility if developing as you can redirect easily to different
servers.

Paul



--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web aficionados - Not allow user to access file directly

[Keith White via 4D_Tech]

Hi

For the HTML markup files, I suggest using the extension .shtml rather than 
.html

For us any direct request for a .shtml file will trigger On Web Authentication 
and you can catch and reject the request.

Doing that allows you to keep things simpler in a single folder and you don't 
have to worry about serving stuff outside the web folder.  Personally I don't 
like the idea of having any code in play that can retrieve a file on disk from 
outside the default web folder.  Not a problem if coded correctly of course.

Hope that helps.

Best regards

Keith White
Synergist Express Ltd, UK.
4697775

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web aficionados - Not allow user to access file directly

[Tom DeMeo via 4D_Tech]

Hi,


A few commenters have suggested placing a 4D Web server behind a proxy server.

The problem as described can be very easily solved with very little change in 
complexity and without involving other technologies. One of the reasons we all 
use 4D is that it allows us to solve problems with less complexity. I suggest 
that developers should try to use just the 4D web server unless you have a good 
reason not to.  

Most of the time when I’ve encountered more complex web architectures involving 
4D and other technologies, it didn’t solve much of anything and just made 
maintenance and development more difficult.

Can anyone come up with an anecdote of any actual exploited vulnerabilities of 
a well constructed 4D web site?



Tom DeMeo
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web aficionados - Not allow user to access file directly

[Paul Dennis via 4D_Tech]

I place nginx as a proxy in front of 4d. Its very straightforward and can run
on linux and windows. Nginx runs the public port and can serve all static
resources images css etc.  You can use lets encrypt for free ssl. This way
the proxy to 4D can run on http to say port 8080 which is faster and 4D
server is not exposed to internet. There sould be some toer posts on Nug
about this.
Cheers
Paul



--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web aficionados - Not allow user to access file directly

[Dani Beaubien via 4D_Tech]

Hi Randy, the setup you are looking for is what I have done for all my projects.

I have two folders: “WEB_Public” and “WEB_Private”.

WEB_Public contains all my static assets like images, javascript, css, etc. 
There are no 4D tags in any of these files.

WEB_Private contains all my application specific code. When a URL comes in, if 
it is for a static file, 4D servers it directly. If it is not then the On Web 
Connection method is triggered and my application log runs. From there I can 
ensure that the session is loaded and I process the request and eventually send 
one of the files out of the WEB_Private folder.

It works very nicely and I have my static and dynamic files separated into 
different folders.

Feel free to reach out directly if you want some more information on my 
approach.

Dani Beaubien
Open Road Development

> On Oct 1, 2019, at 10:33 AM, Kirk Brooks via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Randy,
> On Tue, Oct 1, 2019 at 9:05 AM Randy Engle via 4D_Tech <4d_tech@lists.4d.com>
> wrote:
> 
>> Most of our customers are resistant to proxy servers
>> They think that we should be handling all of it.
>> 
> Are these the same guys who do such a great job protecting themselves from
> ransom ware?
> 
> 
> -- 
> Kirk Brooks
> San Francisco, CA
> ===
> 
> What can be said, can be said clearly,
> and what you can’t say, you should shut up about
> 
> *Wittgenstein and the Computer *
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web aficionados - Not allow user to access file directly

[Kirk Brooks via 4D_Tech]

Randy,
On Tue, Oct 1, 2019 at 9:05 AM Randy Engle via 4D_Tech <4d_tech@lists.4d.com>
wrote:

> Most of our customers are resistant to proxy servers
> They think that we should be handling all of it.
>
Are these the same guys who do such a great job protecting themselves from
ransom ware?


-- 
Kirk Brooks
San Francisco, CA
===

What can be said, can be said clearly,
and what you can’t say, you should shut up about

*Wittgenstein and the Computer *
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: Web aficionados - Not allow user to access file directly

[Randy Engle via 4D_Tech]

Hi Kirk,

Thanks for the info.
Most of our customers are resistant to proxy servers
They think that we should be handling all of it.

So... I'll need to go to plan "B"



Randy Engle

-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of Kirk Brooks via 
4D_Tech
Sent: Tuesday, October 1, 2019 8:55 AM
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: Kirk Brooks 
Subject: Re: Web aficionados - Not allow user to access file directly

Hey Randy,
The optimal way to achieve this is to set up the website with a different web 
server functioning as the node publicly exposed to the internet. That server 
deals with all the authentication and heavy protection stuff 4D isn't very good 
at and communicates with your 4D server via API calls. Your 4D server can be 
locked down to only talk with something coming from a specific IP address (the 
front facing server) on a specific port.

If you can't do that the 4D server will statically serve any pages in the web 
folder with the one you identify as the index page being the default.
If you set the default page to a non-existent page, xxx.html for instance.
In this case

"The On Web Authentication Database Method is automatically called, regardless 
of the mode, when a request or processing requires the execution of a 4D 
method. It is also called when the Web server receives an invalid static URL 
(for example, if the static page requested does not exist)."
https://doc.4d.com/4Dv17R5/4D/17-R5/On-Web-Authentication-Database-Method.300-4127485.en.html


So you can intercept and validate using On web auth. If you do nothing in On 
web auth the request flows to On web connect. I generally deal with the 
requests there.

You can use the scheme of serving web pages stored elsewhere and/or construct 
the response in code. At this point you are really building and API more than a 
web server - which I think is a good thing.

If you are going to use 4D code to actually construct html pages I really 
encourage building the html as templates (stored outside the web folder).
Use Process 4D tags to populate them with data you develop in code. I find 
attempting to construct anything more than the most trivial html in 4D code the 
path to long hours and great unhappiness.


On Tue, Oct 1, 2019 at 8:38 AM Randy Engle via 4D_Tech <4d_tech@lists.4d.com>
wrote:

> Hi Web Experts,
>
> I don't want the web users to access html files directly, without 
> going through ON WEB CONNECTION.
>
> e.g.
>
> http://myweb/foobar.html
>
> If "foobar.html" exists in the web folder, Users can put in this in 
> the address and it will pull up the web page, but will not process the 
> 4D Tags, etc.
> Very, very funky.
>
> So, I'm probably being a dope, but does anyone know what I can do to 
> prevent accessing html files directly?
>
> Gracious thanks
>
> Randy Engle
>
>
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **



--
Kirk Brooks
San Francisco, CA
===

What can be said, can be said clearly,
and what you can’t say, you should shut up about

*Wittgenstein and the Computer *
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: Web aficionados - Not allow user to access file directly

[Randy Engle via 4D_Tech]

Hi Lutz,

Thanks for the info!

Yes, I've got a copy of "Web Companion" somewhere.

Will check it out.

Randy Engle

-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of Epperlein, Lutz 
(agendo) via 4D_Tech
Sent: Tuesday, October 1, 2019 8:49 AM
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: Epperlein, Lutz (agendo) 
Subject: AW: Web aficionados - Not allow user to access file directly

Use the so-called "Web decoy" technique. Basically you put your html files in 
another folder outside your html root. Then redirect all requests using ON WEB 
CONNECTION. For every http request 4D cannot serve directly, it uses ON WEB 
CONNECTION.

This is more elaborated e.g. here:

How to skip over HTTP and redirect to HTTPS
https://kb.4d.com/assetid=75313
How to skip over HTTP and redirect to HTTPS: Part 2 (The Web decoy folder)
https://kb.4d.com/assetid=75753

And there was a book "The Web Companion" by David Adams, it's a bit old now, 
but the technique remains the same. If you can get a copy ...

HTH

Regards
Lutz

-----Ursprüngliche Nachricht-
Betreff: Web aficionados - Not allow user to access file directly

Hi Web Experts,

I don't want the web users to access html files directly, without going through 
ON WEB CONNECTION.

e.g.

http://myweb/foobar.html

If "foobar.html" exists in the web folder, Users can put in this in the address 
and it will pull up the web page, but will not process the 4D Tags, etc.
Very, very funky.

So, I'm probably being a dope, but does anyone know what I can do to prevent 
accessing html files directly?

Gracious thanks

Randy Engle


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web aficionados - Not allow user to access file directly

[Kirk Brooks via 4D_Tech]

Hey Randy,
The optimal way to achieve this is to set up the website with a different
web server functioning as the node publicly exposed to the internet. That
server deals with all the authentication and heavy protection stuff 4D
isn't very good at and communicates with your 4D server via API calls. Your
4D server can be locked down to only talk with something coming from a
specific IP address (the front facing server) on a specific port.

If you can't do that the 4D server will statically serve any pages in the
web folder with the one you identify as the index page being the default.
If you set the default page to a non-existent page, xxx.html for instance.
In this case

"The On Web Authentication Database Method is automatically called,
regardless of the mode, when a request or processing requires the execution
of a 4D method. It is also called when the Web server receives an invalid
static URL (for example, if the static page requested does not exist)."
https://doc.4d.com/4Dv17R5/4D/17-R5/On-Web-Authentication-Database-Method.300-4127485.en.html


So you can intercept and validate using On web auth. If you do nothing in
On web auth the request flows to On web connect. I generally deal with the
requests there.

You can use the scheme of serving web pages stored elsewhere and/or
construct the response in code. At this point you are really building and
API more than a web server - which I think is a good thing.

If you are going to use 4D code to actually construct html pages I really
encourage building the html as templates (stored outside the web folder).
Use Process 4D tags to populate them with data you develop in code. I find
attempting to construct anything more than the most trivial html in 4D code
the path to long hours and great unhappiness.


On Tue, Oct 1, 2019 at 8:38 AM Randy Engle via 4D_Tech <4d_tech@lists.4d.com>
wrote:

> Hi Web Experts,
>
> I don't want the web users to access html files directly, without going
> through ON WEB CONNECTION.
>
> e.g.
>
> http://myweb/foobar.html
>
> If "foobar.html" exists in the web folder, Users can put in this in the
> address and it will pull up the web page, but will not process the 4D Tags,
> etc.
> Very, very funky.
>
> So, I'm probably being a dope, but does anyone know what I can do to
> prevent accessing html files directly?
>
> Gracious thanks
>
> Randy Engle
>
>
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **



-- 
Kirk Brooks
San Francisco, CA
===

What can be said, can be said clearly,
and what you can’t say, you should shut up about

*Wittgenstein and the Computer *
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web aficionados - Not allow user to access file directly

[Narinder Chandi via 4D_Tech]

It's a shame that 4D's web server does not directly support something similar 
to Apache's .htaccess file in the web root. Securing direct access to html 
files/folders would then be trivial.

Regards,
 
Narinder Chandi,
ToolBox Systems Ltd.
 
I am available for new consulting opportunities…
http://4d.1045681.n5.nabble.com/ANN-4D-Developer-Available-td5765443.html
-- 

-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> on behalf of 4D Tech Mailing List 
<4d_tech@lists.4d.com>
Reply-To: 4D Tech Mailing List <4d_tech@lists.4d.com>
Date: Tuesday, 1 October 2019 at 16:49
To: 4D Tech Mailing List <4d_tech@lists.4d.com>
Cc: "Epperlein, Lutz (agendo)" 
Subject: AW: Web aficionados - Not allow user to access file directly

Use the so-called "Web decoy" technique. Basically you put your html files 
in another folder outside your html root. Then redirect all requests using ON 
WEB CONNECTION. For every http request 4D cannot serve directly, it uses ON WEB 
CONNECTION.

This is more elaborated e.g. here:

How to skip over HTTP and redirect to HTTPS
https://kb.4d.com/assetid=75313
How to skip over HTTP and redirect to HTTPS: Part 2 (The Web decoy folder)
https://kb.4d.com/assetid=75753

And there was a book "The Web Companion" by David Adams, it's a bit old 
now, but the technique remains the same. If you can get a copy ...

HTH

Regards
Lutz
    
-Ursprüngliche Nachricht-
Betreff: Web aficionados - Not allow user to access file directly

Hi Web Experts,

I don't want the web users to access html files directly, without going 
through ON WEB CONNECTION.

e.g.

http://myweb/foobar.html

If "foobar.html" exists in the web folder, Users can put in this in the 
address and it will pull up the web page, but will not process the 4D Tags, etc.
Very, very funky.

So, I'm probably being a dope, but does anyone know what I can do to 
prevent accessing html files directly?

Gracious thanks

Randy Engle


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

AW: Web aficionados - Not allow user to access file directly

[Epperlein, Lutz (agendo) via 4D_Tech]

Use the so-called "Web decoy" technique. Basically you put your html files in 
another folder outside your html root. Then redirect all requests using ON WEB 
CONNECTION. For every http request 4D cannot serve directly, it uses ON WEB 
CONNECTION.

This is more elaborated e.g. here:

How to skip over HTTP and redirect to HTTPS
https://kb.4d.com/assetid=75313
How to skip over HTTP and redirect to HTTPS: Part 2 (The Web decoy folder)
https://kb.4d.com/assetid=75753

And there was a book "The Web Companion" by David Adams, it's a bit old now, 
but the technique remains the same. If you can get a copy ...

HTH

Regards
Lutz

-Ursprüngliche Nachricht-
Betreff: Web aficionados - Not allow user to access file directly

Hi Web Experts,

I don't want the web users to access html files directly, without going through 
ON WEB CONNECTION.

e.g.

http://myweb/foobar.html

If "foobar.html" exists in the web folder, Users can put in this in the address 
and it will pull up the web page, but will not process the 4D Tags, etc.
Very, very funky.

So, I'm probably being a dope, but does anyone know what I can do to prevent 
accessing html files directly?

Gracious thanks

Randy Engle


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Web aficionados - Not allow user to access file directly

[Randy Engle via 4D_Tech]

Hi Web Experts,

I don't want the web users to access html files directly, without going through 
ON WEB CONNECTION.

e.g.

http://myweb/foobar.html

If "foobar.html" exists in the web folder, Users can put in this in the address 
and it will pull up the web page, but will not process the 4D Tags, etc.
Very, very funky.

So, I'm probably being a dope, but does anyone know what I can do to prevent 
accessing html files directly?

Gracious thanks

Randy Engle


**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: unicode, blobs, and the web

[Janie Marlow via 4D_Tech]

Thank you for that explanation, Miyako!



From: Keisuke Miyako via 4D_Tech <4d_tech@lists.4d.com>
Cc: Keisuke Miyako 

> 2019/08/29 12:31ÅAwebmaster namethatplant.net 
> ÇÃÉÅÅ[Éã:
>
> I still have a question.
> The write-up for PROCESS HTML TAGS contains the warning, "It is now highly 
> inadvisable to store texts in BLOBs".
>
> I don't use the command "PROCESS HTML TAGS" but I have used BLOB variables in 
> several other places throughout my website. These don't contain any 
> troublemaker characters and they are working well.
>
> Do I need to convert them to text variables?

storing text in BLOB is inadvisable for several reasons:

BLOBs are not ref-counted and memory inefficient. there are copied when passed 
as a method argument, for example.
BLOB to text conversion is costly, especially when the storage encoding is not 
UTF-8 (unicode to unicode conversion is quite efficient)
there is not inherent size advantage compared to text.
BLOB assumes that a byte is your atomic data unit, which is not true for Unicode
you are denied access to essential text commands such as position, match regex, 
replace string, etc.

but if things are working well,
of course you don't need to convert them.
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: unicode, blobs, and the web

[webmaster namethatplant.net via 4D_Tech]

A belated thank you, Miyako, for the clarification. I didn't think that was 
enough text to have filled up 2 GB, but I didn't know how to calculate its size.

I still have a question.
The write-up for PROCESS HTML TAGS contains the warning, "It is now highly 
inadvisable to store texts in BLOBs".

I don't use the command "PROCESS HTML TAGS" but I have used BLOB variables in 
several other places throughout my website. These don't contain any 
troublemaker characters and they are working well.

Do I need to convert them to text variables?

Thank you!
Janie

--
>2019/08/10 2:35, webmaster namethatplant.net via 
>4D_Tech <4d_tech@lists.4d.com>ÇÃ ÉÅÅ[Éã:
>
>I didn't see that important detail mentioned anywhere but in reference to that 
>one command, but, since text variables can now hold up to 2 GB, I tried 
>substituting a text variable.
>Doing that did clear up the multiplication sign issue, but now the data was 
>truncated. Only about 3000 line items were displayed.
>Would 4000 line items be enough to overflow 2 GB? (Each line item contains 
>only around 300 characters.)

no.

if each line contains 300 characters, and there are about 3,000 lines, you'd 
have 900,000 characters.
2GB is 2*1024*1024*1024 bytes. a unicode code point in UTF-8 is 1 to 6 bytes in 
theory,
although 5 and 6 byte characters are not defined yet. so you have plenty of 
room.

that said, BLOB to text conversion (4D legacy encoding a.k.a. MacRoman to 
Unicode) is limited to 32,000 bytes, for backward compatibility.

https://doc.4d.com/4Dv16/4D/16.6/BLOB-to-text.301-4445240.en.html
in other words, C_TEXT can hold up to a quarter billion bytes but the 
conversion from BLOB to text stops at 32k bytes. ...
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: unicode, blobs, and the web

[Keisuke Miyako via 4D_Tech]

2019/08/10 2:35、webmaster namethatplant.net via 
4D_Tech <4d_tech@lists.4d.com>のメール:

I didn't see that important detail mentioned anywhere but in reference to that 
one command, but, since text variables can now hold up to 2 GB, I tried 
substituting a text variable.

Doing that did clear up the multiplication sign issue, but now the data was 
truncated. Only about 3000 line items were displayed.

Would 4000 line items be enough to overflow 2 GB? (Each line item contains only 
around 300 characters.)

no.

if each line contains 300 characters, and there are about 3,000 lines, you'd 
have 900,000 characters.
2GB is 2*1024*1024*1024 bytes. a unicode code point in UTF-8 is 1 to 6 bytes in 
theory,
although 5 and 6 byte characters are not defined yet. so you have plenty of 
room.

that said, BLOB to text conversion (4D legacy encoding a.k.a. MacRoman to 
Unicode) is limited to 32,000 bytes, for backward compatibility.

https://doc.4d.com/4Dv16/4D/16.6/BLOB-to-text.301-4445240.en.html

in other words, C_TEXT can hold up to a quarter billion bytes but the 
conversion from BLOB to text stops at 32k bytes.

you did not clarify how you transitioned from BLOB to text,
but I suspect you used BLOB to text+Mac text without length, or something 
similar,
which would be inappropriate in this context.

https://doc.4d.com/4Dv16/4D/16.6/Convert-to-text.301-795.en.html

I can split the data into two text variables, and that appears to work, but it 
seems like it should be unnecessary.
What are some recommended ways to handle this?



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

unicode, blobs, and the web

[webmaster namethatplant.net via 4D_Tech]

v12.6  OS 10.6.8

Hello!
I was recently made aware of the fact that, on some web pages, a multiplication 
sign was displaying as what looked like a square root symbol + a lowercase 
accented "o".

The database is running in unicode; the web site is using UTF-8. The pages in 
question are displaying a blob variable that contains about 4000 line items. 
The blob was created using the constant UTF8 text without length.

The only clue I found was a brief note under PROCESS HTML TAGS: "Beginning with 
version 12 of 4D, when you use BLOB type parameters, the command automatically 
considers that the character set used for BLOBs is MacRoman."

I didn't see that important detail mentioned anywhere but in reference to that 
one command, but, since text variables can now hold up to 2 GB, I tried 
substituting a text variable.

Doing that did clear up the multiplication sign issue, but now the data was 
truncated. Only about 3000 line items were displayed.

Would 4000 line items be enough to overflow 2 GB? (Each line item contains only 
around 300 characters.)

I can split the data into two text variables, and that appears to work, but it 
seems like it should be unnecessary.

What are some recommended ways to handle this?

Thank you all in advance -
Janie


Janie Marlow
webmas...@namethatplant.net
Travelers Rest, SC
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web area fail on accessing secure area

[Ed Hammond via 4D_Tech]

Peter,

> I don’t expect any instant solutions but if anyone has any bright ideas for 
> further investigation I’d appreciate hearing them !

Welcome to the quirky world of web areas on 4D v15.

You may need to switch the rendering engine to successfully connect to your 
https service. When the Art Institute of Chicago developed a DAMS with a 
browser interface for us to connect to I remember trying all kinds of 
combinations to get the SSO service to manage and maintain the connection. I 
wound up writing a bit of component code to track every 4D form and web event, 
recording them in a log so that I could see exactly which actions were 
effective and what the external service was sending back to the web area. We 
have since moved on to v17 R3 and are all 64 bit. Things are much better with 
the blink engine.

When you no longer use the Internal web kit, web areas will behave differently 
between Mac and Windows. Mac OS hands off handling to the current web kit of 
the system and Windows uses and equivalent system level rendering engine. An 
external browser is good to help you see the sequence of pages and responses 
sent from the host system. It took some time for us to make it work cross 
platform.

--
Edgar Hammondehamm...@questinformation.com
Quest Information Systems 847 234-1345
http://www.questinformation.com
--



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Web area fail on accessing secure area

[Peter Jakobsson via 4D_Tech]

Hi

I’m slightly poking around in the dark here looking for a handle.

In a 4D Web Area, the a login “submit" button has no effect when submitting 
username and password to a secure area. The site concerned is the gov.uk (UK 
Government services).

i.e. we start here: https://www.gov.uk/log-in-register-hmrc-online-services
Then click the “Sign In” button which takes the user to the logon page. After 
that the subsequent submit action fails if done through a 4D Web Area on 
Windows (works fin on Mac). The perplexing thing is that a test version of this 
page works - even on Windows. (I am subscribed to the gov.uk HMRC Developer Hub 
which provides “sandbox” environments. The logon works fine in the sandbox with 
the 4D web area). By the way, I of course tested it with a regular browser and 
it works fine.

I don’t expect any instant solutions but if anyone has any bright ideas for 
further investigation I’d appreciate hearing them !

Specs are:

4D v15
Plain form with WebArea ("Use Internal Web Kit”=True)
No 4D methods involved except WA OPEN URL(web are;url)
Windows 7, Windows 10 tested

Best Regards

Peter

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: Unexpected authentication window appears in web area

[Randy Engle via 4D_Tech]

Peter,

Aha.  I got it, a WEB AREA!

H most peculiar!

Randy Engle

-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of Peter Jakobsson via 
4D_Tech
Sent: Thursday, April 25, 2019 1:30 PM
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: Peter Jakobsson 
Subject: Re: Unexpected authentication window appears in web area

Hi Randy

Thanks for your reply. Just to clarify, there’s no code involved. It’s simply a 
web area through which I’m accessing the web. Behaves as expected on the Mac 
but generates this authentication dialog out of nowhere on Windows.

Peter


> On 25 Apr 2019, at 22:23, Randy Engle via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Possibly, something is failing in the ON WEB AUTHENTICATION database method.

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Unexpected authentication window appears in web area

[Chip Scheide via 4D_Tech]

windows firewall?
windows running though a proxy?
through a different router/switch?
have you tried entering your network (email or or server) credentials?

if you can determine what credentials are accepted maybe you figure out 
what the cause is

Chip

On Thu, 25 Apr 2019 22:29:34 +0200, Peter Jakobsson via 4D_Tech wrote:
> Hi Randy
> 
> Thanks for your reply. Just to clarify, there’s no code involved. 
> It’s simply a web area through which I’m accessing the web. Behaves 
> as expected on the Mac but generates this authentication dialog out 
> of nowhere on Windows.
> 
> Peter
> 
> 
>> On 25 Apr 2019, at 22:23, Randy Engle via 4D_Tech 
>> <4d_tech@lists.4d.com> wrote:
>> 
>> Possibly, something is failing in the ON WEB AUTHENTICATION database 
>> method.
> 
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **
---
Gas is for washing parts
Alcohol is for drinkin'
Nitromethane is for racing 
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: Unexpected authentication window appears in web area

[Randy Engle via 4D_Tech]

Hi Peter,

Possibly, something is failing in the ON WEB AUTHENTICATION database method.

We have a "blacklist", that if it is on the list, you will get the message you 
described.

Why Windows, not Mac?... dunno.

Randy Engle

-Original Message-
From: 4D_Tech <4d_tech-boun...@lists.4d.com> On Behalf Of Peter Jakobsson via 
4D_Tech
Sent: Thursday, April 25, 2019 11:22 AM
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: Peter Jakobsson 
Subject: Unexpected authentication window appears in web area

Hi

I have a very simple web area embedded in a 4D form for logging into an 
authenticated domain. I’m observing different behaviours in Mac and Windows:

Mac:
works fine. You enter user and password, click the web page submit button and 
authentication is successful. Next web page appears

Windows:
On clicking the submit button a small OS type window opens over the form with 
“User Name” and “Password” fields. It’s in French which makes me think it’s 
coming from the 4D web area plugin itself

Even if the correct user name and password are entered (for a second time) into 
this “secondary” authentication window, authentication fails.

See here for screenshot:

https://imgur.com/fQdtNYu

Anyone seen this or have any idea as to why this appears ?

Regards

Peter

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Unexpected authentication window appears in web area

[Peter Jakobsson via 4D_Tech]

Hi

I have a very simple web area embedded in a 4D form for logging into an 
authenticated domain. I’m observing different behaviours in Mac and Windows:

Mac:
works fine. You enter user and password, click the web page submit button and 
authentication is successful. Next web page appears

Windows:
On clicking the submit button a small OS type window opens over the form with 
“User Name” and “Password” fields. It’s in French which makes me think it’s 
coming from the 4D web area plugin itself

Even if the correct user name and password are entered (for a second time) into 
this “secondary” authentication window, authentication fails.

See here for screenshot:

https://imgur.com/fQdtNYu

Anyone seen this or have any idea as to why this appears ?

Regards

Peter

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: Web area and not secure site

[Piotr Chabot Stadhouders via 4D_Tech]

Hi Jeremy,

Thanks for your thoughts, but it looks all has to do with having a https url 
without having a valid certificate for the web site
It looks like the 64-bit embedded web rendering engine doesn’t show anything in 
that case
When I make the web server accept using http all works fine, what of course 
isn’t desirable

So: When using 64-bit embedded web rendering and make a call to an unsecure 
website (https without valid certificate) it show a blank page
I would expect the same behavior as with Chrome, and this certainly isn’t just 
a blank page

Van: Jeremy French 
Verzonden: donderdag 11 april 2019 16:35
Aan: 4D iNUG Technical <4d_tech@lists.4d.com>
CC: Piotr Chabot Stadhouders 
Onderwerp: Re: Web area and not secure site

Have you tried making these calls in the form’s “form method”.

In the form’s “On Load” event

 WA OPEN URL(*;$objName_webArea_t;"about:blank")
 WA SET PAGE CONTENT(*;$objName_webArea_t;"";"file:///“)
 SET TIMER(-1)
In the form’s “On Timer” event

 SET TIMER(0)
 WA OPEN URL(*;$objName_webArea_t;"about:blank")
 WA SET PAGE CONTENT(*;$objName_webArea_t;"";"file:///“)

Also see:
https://doc.4d.com/4Dv17/4D/17.1/SET-TIMER.301-4178784.en.html


On Apr 11, 2019, at 3:25 AM, Piotr Chabot Stadhouders via 4D_Tech 
<4d_tech@lists.4d.com<mailto:4d_tech@lists.4d.com>> wrote:

 I don't use the embedded version because
* in 64-bit (Blink) I get an blank HTML page, and nothing is shown

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web area and not secure site

[Jeremy French via 4D_Tech]

Have you tried making these calls in the form’s “form method”.

In the form’s “On Load” event

 WA OPEN URL(*;$objName_webArea_t;"about:blank")
 WA SET PAGE CONTENT(*;$objName_webArea_t;"";"file:///“)
 SET TIMER(-1)  

In the form’s “On Timer” event

 SET TIMER(0)   
 WA OPEN URL(*;$objName_webArea_t;"about:blank")
 WA SET PAGE CONTENT(*;$objName_webArea_t;"";"file:///“)

Also see:
https://doc.4d.com/4Dv17/4D/17.1/SET-TIMER.301-4178784.en.html 


> On Apr 11, 2019, at 3:25 AM, Piotr Chabot Stadhouders via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
>  I don't use the embedded version because
> * in 64-bit (Blink) I get an blank HTML page, and nothing is shown

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Web area and not secure site

[Keisuke Miyako via 4D_Tech]

is the internal website http: or https:

?

it's not quite clear from your post.

-

I think the 32-bit system web area on windows inherits the registry setting for 
Internet Explorer

such as

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\0

or

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\0

(you can search the inter web for details)

but I don't know if the same applies to 64-bit as well.

c.f.

https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/security-privacy-management-gp#prevent-certificate-error-overrides

also did you Google "DLG_FLAGS_SEC_CERT_CN_INVALID"

maybe the cert. common name is a domain and the URL is an IP address, or vice 
versa.

should be an easy problem to fix.

> 2019/04/11 16:25、Piotr Chabot Stadhouders via 4D_Tech 
> <4d_tech@lists.4d.com>のメール:
>
> We have an internal website (development) that we want to access in a web area
> Because its an internal URL, and for now in development, we don't have a 
> certificate for it right now
> So, when using Internet explorer, we get a message "This site is not secure"
> However, we can proceed and after seeing the error DLG_FLAGS_INVALID_CA, 
> DLG_FLAGS_SEC_CERT_CN_INVALID we can force to go further
>
> When using a webarea (not embedded, because embedded looks nothing like it 
> should be) however I get the message "This site is not secure", but with 
> errorcode 0
> And more important, I am not able to proceed to the website
>
> Does anybody know how I can solve this problem?




**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Web area and not secure site

[Piotr Chabot Stadhouders via 4D_Tech]

Hi,

4D v17R3 Windows

We have an internal website (development) that we want to access in a web area
Because its an internal URL, and for now in development, we don't have a 
certificate for it right now
So, when using Internet explorer, we get a message "This site is not secure"
However, we can proceed and after seeing the error DLG_FLAGS_INVALID_CA, 
DLG_FLAGS_SEC_CERT_CN_INVALID we can force to go further

When using a webarea (not embedded, because embedded looks nothing like it 
should be) however I get the message "This site is not secure", but with 
errorcode 0
And more important, I am not able to proceed to the website

Does anybody know how I can solve this problem?

Gr,
Piotr

P.S. I don't use the embedded version because
* in 32-bit it looks nothing like it should
* in 64-bit (Blink) I get an blank HTML page, and nothing is shown

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: v17 web area

[Keith Goebel via 4D_Tech]

Allan,
Hope you are all well.
Having Ant available for the odd bit of sleuthing sounds like a very handy 
thing to have…  :-)

I’m using v17.1 HF1 for the deployed ePro.
Server is 64bit, clients are 32bit (to stop graph bug).
V17 64bit is doing strange things to my highCharts graphs (they are not 
re-sizing to fit their area). 32 bit are OK.
Might try your solution and see if it makes a difference.

My graphs use javascript “callbacks” to make them print ready, and don’t know 
if turning off the engine will effect that.
If it works, “thanks Allan and thanks Anthony”  :-)
If it doesn’t work, well, I’m no worse off right?
 Cheers, Keith


> On 23/03/2019, at 8:00 am, 4d_tech-requ...@lists.4d.com wrote:
> 
> Message: 1
> Date: Fri, 22 Mar 2019 09:57:24 +1300
> From: Allan Udy 
> To: 4d_tech@lists.4d.com
> Subject: Re: v17 web area
> Message-ID: <57b6c2bb-1fed-9895-9c9a-074d22cb3...@gmail.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
> 
> FWIW, we recently had something similar (again in v17 Windows 64bit 
> server/32bit client), a web area showing a Google map which had been 
> working fine for ages, and then stopped working.
> 
> The solution to this was to open up the form, click on the Web Area, go 
> to the Properties window and turn OFF the option:
> 
>   Use embedded Web rendering engine
> 
> Once we did that it started working again. Thanks to Anthony Taylor for 
> working that one out for us!   :-)
> 
> Cheers,
> Allan Udy

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: v17 web area

[Allan Udy via 4D_Tech]

FWIW, we recently had something similar (again in v17 Windows 64bit 
server/32bit client), a web area showing a Google map which had been 
working fine for ages, and then stopped working.


The solution to this was to open up the form, click on the Web Area, go 
to the Properties window and turn OFF the option:


  Use embedded Web rendering engine

Once we did that it started working again. Thanks to Anthony Taylor for 
working that one out for us!   :-)


Cheers,
Allan Udy


From: David Samson 

A few years ago I successfully implemented the tech note
"15-13_MapWithDataCluster". I modified it for our needs and it worked well.
That was on v14.

Now, on v17 (Windows, 64 bit server, 32 bit clients) it is not displaying
the background map. The generated data points are still displayed but on a
blank background. I have checked the Leaflet map is in the correct
resources folder. I tried to download the tech note again and the demo has
the same problem when converted to v17.

Any ideas?



Golden Micro Solutions Ltd, Blenheim, New Zealand
http://www.golden.co.nz<http://www.golden.co.nz>

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

v17 web area

[David Samson via 4D_Tech]

A few years ago I successfully implemented the tech note
"15-13_MapWithDataCluster". I modified it for our needs and it worked well.
That was on v14.

Now, on v17 (Windows, 64 bit server, 32 bit clients) it is not displaying
the background map. The generated data points are still displayed but on a
blank background. I have checked the Leaflet map is in the correct
resources folder. I tried to download the tech note again and the demo has
the same problem when converted to v17.

Any ideas?
David Samson

-- 
D Samson
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: 4D Web Log Out

[Epperlein, Lutz (agendo) via 4D_Tech]

Hi Douglas,

> In our case we land the user at a login page which handles the httpAuth send 
> avoiding
> the nasty dialog.
> If the user is not authenticated they do not get in.  No problem there.
> If the user is authenticated then they are taken to the application (written 
> in Angular)
> At some point they will click the logout button/link and this would cause the 
> session to
> close (WEB CLOSE SESSION) and they are redirected to the login page.

Nearly the same what we do. I don't see a problem here.

> If they then typed in the index of the application index.shtml file the 
> browser was still
> passing in the old username and password so the client was getting through 
> the On
> Web Authentication and was issued with a new session ID and could use the 
> system as
> before the logout.

That's a bit strange and I don't understand it fully. 
Only one guess:
You mentioned Angular as the web framework (some call it platform, anyway).
I don't know the architecture of your web app, but it seems the problem is 
buried there. With Angular you produce so-called single page applications 
(SPA). That means that all the data entered are stored in the front end. 
Angular works with scopes, where the data is stored. So I think you have a 
scope containing the user credentials and if you go back to your start page 
this credentials are there in this scope yet. The start page isn't really a new 
page since you have single page application.
What you have to do is deleting them or destroying the scope after sending the 
credentials to server. Your current solution (see below) tries to locate the 
problem in the backend/the server. But I'm quite sure the problem is related to 
your frontend code and has nothing to do with 4D.
And for security reasons it is better to delete the credentials immediately 
after the login request, whether it is successful or not. 

Disclaimer: This hint is a guess as I said already since I don't know enough 
about your application.

Regards
Lutz 

> What I have done today is when the logout happens I now place a call using JS 
> from
> the logout page with invalid (null) credentials which causes the username and 
> password
> to be cleared.  Having carried out significant testing we have not been able 
> to get back
> in to an application page following a log out using this method.
> 
> Regards,  Dougie
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Log Out

[Douglas Cryer via 4D_Tech]

Lutz,

Re:
>  I'm not really understand your problem. What do you mean with "the browser 
> still persists with the username and password"? Does it mean that you > send 
> these credentials with every request to the web server?

> What we do is this:
> If the browser makes a request without a cookie or with wrong cookie, the 
> server sends a http 401 response and the user gets a login dialog, after
> checking the credentials on the server side the server sends a cookie. All 
> subsequent requests will carry the cookie, the browser does this for you. 
> And the server checks at every request if the cookie is valid.
> If the user press the logout button the server sends a cookie as a response 
> with a cookie expiration of 0 or an expiration date in the past.
> The built in 4D sessions work the same way AFAIK.

In our case we land the user at a login page which handles the httpAuth send 
avoiding the nasty dialog.
If the user is not authenticated they do not get in.  No problem there.
If the user is authenticated then they are taken to the application (written in 
Angular)
At some point they will click the logout button/link and this would cause the 
session to close (WEB CLOSE SESSION) and they are redirected to the login page.

If they then typed in the index of the application index.shtml file the browser 
was still passing in the old username and password so the client was getting 
through the On Web Authentication and was issued with a new session ID and 
could use the system as before the logout.

What I have done today is when the logout happens I now place a call using JS 
from the logout page with invalid (null) credentials which causes the username 
and password to be cleared.  Having carried out significant testing we have not 
been able to get back in to an application page following a log out using this 
method.

Regards,  Dougie


telekinetix Limited- J. Douglas Cryer
Phone : 01234 761759  Mobile : 07973 675 218
2nd Floor Broadway House, 4-6 The Broadway, Bedford MK40 2TE
Email : jdcr...@telekinetix.com  Web : http://www.telekinetix.com 
<http://www.telekinetix.com/>

 

On 01/03/2019, 15:56, "4d_tech-boun...@lists.4d.com on behalf of 
4d_tech-requ...@lists.4d.com" <4d_tech-boun...@lists.4d.com on behalf of 
4d_tech-requ...@lists.4d.com> wrote:

I'm not really understand your problem. What do you mean with "the browser 
still persists with the username and password"? Does it mean that you send 
these credentials with every request to the web server?

What we do is this:
If the browser makes a request without a cookie or with wrong cookie, the 
server sends a http 401 response and the user gets a login dialog, after 
checking the credentials on the server side the server sends a cookie. All 
subsequent requests will carry the cookie, the browser does this for you. And 
the server checks at every request if the cookie is valid.
If the user press the logout button the server sends a cookie as a response 
with a cookie expiration of 0 or an expiration date in the past.
The built in 4D sessions work the same way AFAIK.





**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

RE: 4D Web Log Out

[Epperlein, Lutz (agendo) via 4D_Tech]

I'm not really understand your problem. What do you mean with "the browser 
still persists with the username and password"? Does it mean that you send 
these credentials with every request to the web server?

What we do is this:
If the browser makes a request without a cookie or with wrong cookie, the 
server sends a http 401 response and the user gets a login dialog, after 
checking the credentials on the server side the server sends a cookie. All 
subsequent requests will carry the cookie, the browser does this for you. And 
the server checks at every request if the cookie is valid.
If the user press the logout button the server sends a cookie as a response 
with a cookie expiration of 0 or an expiration date in the past.
The built in 4D sessions work the same way AFAIK.

Regards
Lutz

--  
Lutz Epperlein  
--
Agendo Gesellschaft für politische Planung mbH
Köpenicker Str. 9
10997 Berlin
http://www.agendo.de/
--



**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Log Out

[Douglas Cryer via 4D_Tech]

Dani,

Re: Have you looked at the "WEB CLOSE SESSION” command?
   That is probably what you are looking for assuming you are using the 
built in 4D sessions.

Yes I have looked extensively at that command and I am using it.  The examples 
all deal with how you would use it with regards the "On Web Connection" method 
and handling storage of session data for future use.

The problem is that the browser still persists with the username and password 
so it is able to re-authenticate getting a new session and continuing as if the 
user was OK.  The only way we can currently think of is to make a call from the 
logout page with invalid credentials forcing a rejection and thus resetting any 
good credentials that are persisting on the client.

We plan to try this today but I feel this is wrong and I must be missing 
something.

Regards,  Dougie


telekinetix Limited- J. Douglas Cryer
Phone : 01234 761759  Mobile : 07973 675 218
2nd Floor Broadway House, 4-6 The Broadway, Bedford MK40 2TE
Email : jdcr...@telekinetix.com  Web : http://www.telekinetix.com 
<http://www.telekinetix.com/>




**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: 4D Web Log Out

[Dani Beaubien via 4D_Tech]

Have you looked at the "WEB CLOSE SESSION” command?

That is probably what you are looking for assuming you are using the built in 
4D sessions.

Dani Beaubien
Open Road Development

> On Feb 28, 2019, at 9:38 AM, Douglas Cryer via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Hello folks,
> 
> Forgive me if this question has been asked many times before  but I am a bit 
> stumped.
> 
> Logging on to 4D via a web page is relatively simple wither using the nasty 
> dialog or rolling your own page to submit the httpauth details.
> 
> Logging off however is proving to be more difficult.
> 
> I can give the impression of logging off but the username and password seems 
> to persist on the client browser so re-entering a previously visited page 
> that pulls data just continues to work.  If I manually clear the browser 
> cookies then the access gets denied but the 4DSID cookie cannot be cleared by 
> javascript...
> 
> What are the correct steps to achieve this.  I need help...
> 
> Regards,  Dougie
> 
> 
> telekinetix Limited- J. Douglas Cryer
> Phone : 01234 761759  Mobile : 07973 675 218
> 2nd Floor Broadway House, 4-6 The Broadway, Bedford MK40 2TE
> Email : jdcr...@telekinetix.com  Web : http://www.telekinetix.com 
> <http://www.telekinetix.com/>
> 
> 
> 
> 
> 
> **
> 4D Internet Users Group (4D iNUG)
> Archive:  http://lists.4d.com/archives.html
> Options: https://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

4D Web Log Out

[Douglas Cryer via 4D_Tech]

Hello folks,

Forgive me if this question has been asked many times before  but I am a bit 
stumped.

Logging on to 4D via a web page is relatively simple wither using the nasty 
dialog or rolling your own page to submit the httpauth details.

Logging off however is proving to be more difficult.

I can give the impression of logging off but the username and password seems to 
persist on the client browser so re-entering a previously visited page that 
pulls data just continues to work.  If I manually clear the browser cookies 
then the access gets denied but the 4DSID cookie cannot be cleared by 
javascript...

What are the correct steps to achieve this.  I need help...

Regards,  Dougie


telekinetix Limited- J. Douglas Cryer
Phone : 01234 761759  Mobile : 07973 675 218
2nd Floor Broadway House, 4-6 The Broadway, Bedford MK40 2TE
Email : jdcr...@telekinetix.com  Web : http://www.telekinetix.com 
<http://www.telekinetix.com/>





**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

v17.0; web area; 4D tags; Google Charts

[Pierre Coulombe via 4D_Tech]

I’ve used over the years 4D transformation tags (4DTEXT, 4DEVAL etc) to 
transfer data from 4D database to web server pages. Recently using 4D Lightning 
I had great success creating graphs by using $4DEVAL in javascript like this:

Re: Transferring Build Mac Client via Google Drive Web Interface Fails

[Jeremy Roussak via 4D_Tech]

That’s really useful, Miyako. Thanks.

Jeremy

> On 28 Nov 2018, at 08:58, Keisuke Miyako via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> the target path can be found in the build project
> 
> for instance, in this example, the path is accessible with the code
> 
> If (Is macOS)
> $path:=$BuildApp.BuildMacDestFolder
> Else
> $path:=$BuildApp.BuildWinDestFolder
> End if
> $path:=$path+"Final Application"+Folder separator
> 
> https://github.com/miyako/4d-component-build-app
> 
> thereafter you can append the app name
> 
> $BuildApp.BuildApplicationName
> 
> with the appropriate extension.
> 
> if you intend to code sign via LEP, you need to convert the path to POSIX and 
> escape reserved characters.
> 
> 
> 
> On 20 Nov 2018, at 15:27, Dave Nasralla via 4D_Tech 
> <4d_tech@lists.4d.com> wrote:
> 
> Is there an easy way to get the file path to the built client and
> server apps for the command line?
**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**

Re: Transferring Build Mac Client via Google Drive Web Interface Fails

[Keisuke Miyako via 4D_Tech]

the target path can be found in the build project

for instance, in this example, the path is accessible with the code

If (Is macOS)
$path:=$BuildApp.BuildMacDestFolder
Else
$path:=$BuildApp.BuildWinDestFolder
End if
$path:=$path+"Final Application"+Folder separator

https://github.com/miyako/4d-component-build-app

thereafter you can append the app name

$BuildApp.BuildApplicationName

with the appropriate extension.

if you intend to code sign via LEP, you need to convert the path to POSIX and 
escape reserved characters.



On 20 Nov 2018, at 15:27, Dave Nasralla via 4D_Tech 
<4d_tech@lists.4d.com> wrote:

Is there an easy way to get the file path to the built client and
server apps for the command line?

**
4D Internet Users Group (4D iNUG)
Archive:  http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**