Re: [twsocket] HttpCli + Timeout How To??
Hello Mac,

> How i implement a timeout control in HttpCli...

Use async calls and a timer. When timer expires call Abort, when request is done disable timer.

> I using HttpCli in sync mode, because i need to run it in Thread..

You can use async mode in a thread as well. There is no difference, just call HttpCli.Socket.ProcessMessages in the Execute method. Nothing more to do.

> How i cancel httpcli get/post command? after started?

Abort;

---
Rgds, Wilfried [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html
http://www.mestdagh.biz

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Re: [twsocket] NTLM authentication reloaded
> It seems to me that you have the same problem as me. Try to separate the
> user and the domain. If it works let me know so I can patch the proxy
> part of NTLM auth too.
> Without domain the user will not be authenticated, I tried.

I think you are right. Since NtlmGetMessage3 has provision for domain name, it should be put there and not embed it into the username. Embedding domain in username is just a convenient way of doing it for the application user interface. At the lowest level, in the NTLM messages, domain should be written where it belongs to.

--
[EMAIL PROTECTED]
http://www.overbyte.be

Re: [twsocket] using Api form with message loop
> is it possible to create a form with a message loop with api
> and still use the http async methods ?
>
> This will shrink the total application size with almost 300K

As I understand, what you want/need is not a form (a form is a Delphi object derived from TForm). It is a window (it is a Windows OS object created with CreateWindow API and similar). A window is all you need to communicate with messages. A window doesn't need to be visible, it doesn't need to have any child control. For example TWSocket creates a hidden window to be able to receive winsock notification messages.

You can create your own [hidden] window or you can use the one created by a TWSocket. See how TWSocket creates its own hidden window. You should also look at ICS-V6 and its OverbyteIcsWndControl.pas source file. There is no problem to use this code in V5; it would require only minor changes, mainly changing the file names in the uses clause (probably a good idea to create/use a conditional compile ICS_V5 for all changes you would do to easily find your changes again later and apply them when I'll publish a new version).

In OverbyteIcsWndControl, there is TIcsWndControl class deriving from TComponent. TIcsWndControl implements everything needed to have a hidden window and manage dynamically registered messages. It is used by ICS-V6 as the base for all ICS-V6 components so that a single hidden window is shared between many ICS-V6 components. There is a limit in Windows on the total number of window handles: 1 by default. This causes trouble if you want a really large number of TWSocket without tweaking the OS. With ICS-V6, since a single hidden window is shared between many ICS components this limitation goes away and you can easily have thousands of simultaneous sockets. The code is compatible with both GUI, console mode and service type programs.

--
Contribute to the SSL Effort.
Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
http://www.overbyte.be

Re: [twsocket] NTLM authentication reloaded
That is what I meant also. Now the question is that should or should not ICS allow other separators than backslash?
And the second question that on the proxy authentication part should we use the same technique?

Personally I didn't see usernames like [EMAIL PROTECTED] until now in windows.
Paul, can you give me examples, where you can configure Proxy/Web server with NTLM in the way you pointed out?

Francois PIETTE wrote:

>> It seems to me that you have the same problem as me. Try to separate the
>> user and the domain. If it works let me know so I can patch the proxy
>> part of NTLM auth too.
>> Without domain the user will not be authenticated, I tried.
>
> I think you are right. Since NtlmGetMessage3 has provision for domain name,
> it should be put there and not embed it into the username. Embedding domain
> in username is just a convenient way of doing it for the application user
> interface. At the lowest level, in the NTLM messages, domain should be
> written where it belongs to.
> --
> [EMAIL PROTECTED]
> http://www.overbyte.be

Re: [twsocket] NTLM authentication reloaded
> That is what I meant also. Now the question is that should or should not
> ICS allow other separators than backslash?

Should ICS be responsible for domain/user parsing out of a single property or should a new property with domain added ?

> And the second question that on the proxy authentication
> part should we use the same technique?

I think so although I have nothing to test.

--
[EMAIL PROTECTED]
http://www.overbyte.be

Re: [twsocket] NTLM authentication reloaded
> Personally I didn't see usernames like [EMAIL PROTECTED] until now in windows.
> Paul, can you give me examples, where you can configure Proxy/Web server
> with NTLM in the way you pointed out?

You won't find this strange format in M$ proxies, but there are lots of proxies available.
The ones that require [EMAIL PROTECTED] are mostly used with ftp.
The only way it seems to work everywhere is as I described in previous messages because there are proxies that act different between their users also.
Since I haven't found a way to detect how they make that difference, I test all situations and pick the one that works.

Paul

Re: [twsocket] NTLM authentication reloaded
> Should ICS be responsible for domain/user parsing out of a single property
> or should a new property with domain added ?

I think not, unless the component itself tests for the combination that works.

Paul

Re: [twsocket] NTLM authentication reloaded
Anyway the user tweaks like this separation character should not be the concern of ICS but of the application with the functionality.

Re: [twsocket] NTLM authentication reloaded
> Should ICS be responsible for domain/user parsing out of a single property
> or should a new property with domain added ?

I can see your point here. For me it is simpler for now to leave it like that, but I think ICS _should not_ handle the separation; it is much better to expose separate properties. However, regardless of how you implement this, ICS documentation or example code should include all the possible separators to make newbies' lives easier :).

In any way you do it in the future, the actual implementation is not correct in all cases and that was what I was trying to point out.

Best regards,
Tibor Csonka

Re: [twsocket] NTLM authentication reloaded
>> Paul, can you give me examples, where you can configure Proxy/Web server
>> with NTLM in the way you pointed out?
>
> You won't find this strange format in M$ proxies, but there lots of
> proxies available.
> The ones that requires [EMAIL PROTECTED] are mostly used with ftp

Yes, but those are not NTLM proxies imo. They are just transparent FTP proxies.

--
[EMAIL PROTECTED]
http://www.overbyte.be

Re: [twsocket] NTLM authentication reloaded
>> Should ICS be responsible for domain/user parsing out of a single property
>> or should a new property with domain added ?
>
> I think not, unless the component itself test for the combination that works.

That's not logical. The NTLM message has two different parts for domain name and user name. Putting the right name in the right part would solve all problems imo. It is possible that some smart proxies take care of extracting domain name from username if domain part is empty in the message. And for those smart proxies, you have to provide the right separator.

If a new domain property is added, nothing prevents the component user from ignoring it and still providing domain name and user name in the user name part as today, and relying on the smart proxy to handle that situation. It is not worse than today and even provides an enhancement.

--
[EMAIL PROTECTED]
http://www.overbyte.be

Re: [twsocket] NTLM authentication reloaded
>> Should ICS be responsible for domain/user parsing out of a single property
>> or should a new property with domain added ?
>
> I can see your point here. For me is more simpler for now to leave it
> like that, but I think ICS _should not_ handle the separation; it is
> much better to expose separate properties. However, regardless of how
> you implement this, ICS documentation or example code should include all
> the possible separators to make newbies lives easier :).

If we don't create a new property for domain, we have to provide a new property for delimiter.

--
[EMAIL PROTECTED]
http://www.overbyte.be

Re: [twsocket] NTLM authentication reloaded
I would like to correct the bug report I posted before:

There is no way to set domain for NTLM authentication neither for web server or proxy in ICS HttpProt. A mechanism should be included in the future releases.

A new property for the domain can be added for proxy auth and separately for web auth, or a property in which users can set the domain name separator; this can be one for each of the authentication parts, because it mainly depends on the implementor application's user interface.

Best regards,
Tibor Csonka

Re: [twsocket] NTLM authentication reloaded
Francois PIETTE wrote:

>>> Should ICS be responsible for domain/user parsing out of a single property
>>> or should a new property with domain added ?
>>
>> I think not, unless the component itself test for the combination that works.
>
> That's not logical. The NTLM message has two different parts for domain
> name and user name. Putting the right name in the right part would solve
> all problem imo.

I second that.

> It is possible that some smart proxies take care of
> extracting domain name from username if domain part is empty in the message.
> And for those smart proxies, you have to provide the right separator.

I think they aren't so smart, but just calling LogOnUser() note that [EMAIL PROTECTED] valid, not only for FTP-proxies.

From MSDN:

"lpszUsername
[in] A pointer to a null-terminated string that specifies the name of the user. This is the name of the user account to log on to. If you use the user principal name (UPN) format, [EMAIL PROTECTED], the lpszDomain parameter must be NULL.

lpszDomain
[in] A pointer to a null-terminated string that specifies the name of the domain or server whose account database contains the lpszUsername account. If this parameter is NULL, the user name must be specified in UPN format. If this parameter is ".", the function validates the account by using only the local account database."

Arno Garrels

> If a new domain property is added, nothing prevent the component user from
> ignoring it and still provide domain name and user name in the user name
> part as today, and to rely on the smart proxy to handle that situation. It
> is not worse than today and even provide an enhancement.
>
> --
> [EMAIL PROTECTED]
> http://www.overbyte.be

Re: [twsocket] NTLM authentication reloaded
Arno Garrels wrote:

> From MSDN:
>
> "lpszUsername
> [in] A pointer to a null-terminated string that specifies the name of the
> user. This is the name of the user account to log on to. If you use the
> user principal name (UPN) format, [EMAIL PROTECTED], the lpszDomain
> parameter must be NULL.
> lpszDomain
> [in] A pointer to a null-terminated
> string that specifies the name of the domain or server whose account
> database contains the lpszUsername account. If this parameter is NULL,
> the user name must be specified in UPN format. If this parameter is ".",
> the function validates the account by using only the local account
> database."

To complete this for older Windows-versions:

lpszUsername
Pointer to a null-terminated string that specifies the user name. This is the name of the user account to log on to.

lpszDomain
Pointer to a null-terminated string that specifies the domain or server to log on to. If this parameter is ".", LogonUser searches only the local account database for the account specified in lpszUsername. If this parameter is NULL, LogonUser searches the local account database, and then searches trusted domain account databases, until it finds the lpszUsername account or the search is exhausted without finding the account name.

> Arno garrels
>
>> If a new domain property is added, nothing prevent the component user
>> from ignoring it and still provide domain name and user name in the user
>> name part as today, and to rely on the smart proxy to handle that
>> situation. It is not worse than today and even provide an enhancement.
>>
>> --
>> [EMAIL PROTECTED]
>> http://www.overbyte.be

[twsocket] THttpServer Digest Auth implemented with ICS
Hello Francois and Everybody,

We (me and Peter Nikolow) worked on Digest authentication for ICS THttpServer. We used Delphi and ICS v5 (unit version 1.38) for the httpsrv.pas and C++ for the test unit. We (fastream.com) want to donate the code to our very community. I urge you (Francois) to make this code part of your official release of both v5 and v6 and other people to have a look at the code and provide feedback so that we would be able to fix anything wrong.

http://www.fastream.com/ics/THttpServerDigest.zip

(The C++ code is less than 30 lines and it should not be hard to write it with Delphi as well).

Best Regards,

SubZero
CSA, Fastream Technologies
Software IQ: Innovation & Quality
www.fastream.com | [EMAIL PROTECTED]

Re: [twsocket] NTLM authentication reloaded
> Yes, but those are not NTLM proxies imo.
> They are just transparent FTP proxies.

I have run into problems with Http NTLM proxies

Paul

Re: [twsocket] NTLM authentication reloaded
At my former working place we had an MS Exchange email server and several NT Domains. The domains had different trustships between each other. In the exchange webmail you are only asked for username and password. Users who don't belong to the main domain but one of the trusted domains had to use "domain\username" as username. The username chosen in MS Outlook for the exchange server was also domain\username.

I never tried with @, but the \ is common separator in MS and I think it should be handled without a new property.

Benjamin

Re: [twsocket] NTLM authentication reloaded
Stadin, Benjamin wrote:

> I think it should be handled without
> a new property.

Why not just copy what NTLM implementation as well as function LogonUser() already provide? Even Internet Explorer pops up a dialog with an additional Domain-field upon NTLM authentications.

With two new Domain-properties, one for the proxy and one for the server, we must not parse strings and don't need to care about current syntax and possible future syntax changes.

Arno Garrels

Re: [twsocket] NTLM authentication reloaded
Tibor Csonka <[EMAIL PROTECTED]> writes:

[...]
>> You have a similar situation with IIS? I mean, if you don't include the domain
>> you will be authenticated?
>
> It seems to me that you have the same problem as me. Try to separate the
> user and the domain. If it works let me know so I can patch the proxy
> part of NTLM auth too.

I'm sorry but at the moment I can't do this test.

> Without domain the user will not be authenticated, I tried. But I am not
> in control of the server so maybe from another location users may
> possibly can authenticate themselves without domain.

Maybe the situation is that if no domain is specified then the server uses a "default" one. But this is only a hypothesis.

> I looked in Firefox NTLM code and it seems that they do the same
> (separate the user and the domain).

This is very interesting.

Bye, Maurizio.

This mail has been sent using Alpikom webmail system
http://www.alpikom.it

Re: [twsocket] NTLM authentication reloaded
Paul <[EMAIL PROTECTED]> writes:

> You can't know what the proxy wants,
> so you have to test all possible situations and
> pick the one that works
> As Maurizio said, some users have to add the domain
> and some not (on the same proxy!)

Is it possible for you to test with proxy that need [EMAIL PROTECTED] if sending domain and password separate in the Msg3 then it works or not?

Bye, Maurizio.

Re: [twsocket] NTLM authentication reloaded
Francois PIETTE <[EMAIL PROTECTED]> writes:

>> That is what I meant also. Now the question is that should or should not
>> ICS allow other separators than backslash?
>
> Should ICS be responsible for domain/user parsing out of a single property
> or should a new property with domain added ?

I suggest to do so. Separate domain and user and try to authenticate under the various situations where "different" formats are needed, i.e. Username, Domain\Username and [EMAIL PROTECTED]
If it works in every situation then we should decide which format to use (for example Domain\Username as I see in Windows logon) and then it is the application that must set the Username property accordingly.

Bye, Maurizio.

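The separation discussed in this thread, as an added example in Python (not ICS code and not from any poster): it splits what a user typed into domain and user, packs them into the two separate security buffers of an NTLM Type 3 message, and reads them back as a server would. Assumptions: the names `split_account`, `build_type3`, `parse_type3` and `type3_fields` are hypothetical, the LM/NT response bytes are constructed placeholders (no hashing is done), and passing a UPN whole with an empty domain carries the quoted LogonUser rule over to the NTLM fields.

```python
"""Added example: where domain and user travel in an NTLM Type 3 message."""
import struct

SIGNATURE = b"NTLMSSP\x00"
MSG_AUTHENTICATE = 3
FLAG_UNICODE = 0x00000001  # strings are UTF-16LE
FLAG_NTLM = 0x00000200
HEADER_LEN = 64  # signature(8) + type(4) + 6 security buffers(48) + flags(4)
# Header offsets of the security buffers read back by parse_type3().
OFF_DOMAIN, OFF_USER, OFF_WORKSTATION = 28, 36, 44


def split_account(account):
    """Split what the user typed into (domain, user).

    'DOMAIN\\user' -> ('DOMAIN', 'user')
    'user@domain'  -> ('', 'user@domain')   UPN kept whole (assumption)
    'user'         -> ('', 'user')
    """
    account = account.strip()
    if not account:
        raise ValueError("empty account name")
    if "\\" in account:
        domain, user = account.split("\\", 1)
        if not domain or not user:
            raise ValueError("expected DOMAIN\\user")
        return domain, user
    return "", account


def build_type3(domain, user, workstation, lm_resp, nt_resp):
    """Pack a Type 3 message; the response bytes are supplied by the caller."""
    payload = [
        domain.encode("utf-16-le"),
        user.encode("utf-16-le"),
        workstation.encode("utf-16-le"),
        lm_resp,
        nt_resp,
        b"",  # session key, unused here
    ]
    bufs, pos = [], HEADER_LEN
    for data in payload:
        # Security buffer: length, allocated length, offset from message start.
        bufs.append(struct.pack("<HHI", len(data), len(data), pos))
        pos += len(data)
    dom, usr, wks, lm, nt, key = bufs
    header = (SIGNATURE + struct.pack("<I", MSG_AUTHENTICATE)
              + lm + nt + dom + usr + wks + key
              + struct.pack("<I", FLAG_UNICODE | FLAG_NTLM))
    return header + b"".join(payload)


def parse_type3(msg):
    """Return the domain, user and workstation fields of a Type 3 message."""
    if len(msg) < HEADER_LEN or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLM message")
    if struct.unpack_from("<I", msg, 8)[0] != MSG_AUTHENTICATE:
        raise ValueError("not a Type 3 message")

    def read(at):
        length, _allocated, offset = struct.unpack_from("<HHI", msg, at)
        if offset < HEADER_LEN or offset + length > len(msg):
            raise ValueError("security buffer points outside the payload")
        return msg[offset:offset + length].decode("utf-16-le")

    return {"domain": read(OFF_DOMAIN), "user": read(OFF_USER),
            "workstation": read(OFF_WORKSTATION)}


def type3_fields(account, split=True):
    """Build a message from `account` and return the fields a server would read.

    split=False reproduces the case the thread describes: the domain stays
    embedded in the user name and the domain field is empty.
    """
    domain, user = split_account(account) if split else ("", account)
    placeholder = bytes(24)  # constructed stand-in for the 24-byte responses
    msg = build_type3(domain, user, "WORKSTATION", placeholder, placeholder)
    return parse_type3(msg)


if __name__ == "__main__":
    # Constructed sample account names.
    for typed in ("CORP\\alice", "alice@corp.example", "alice"):
        print(typed, "->", type3_fields(typed))
    print("embedded:", type3_fields("CORP\\alice", split=False))
```
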
[twsocket] ICS stack buffer overflow?
Hi dear developers,

Please check the thread in borland.public.delphi.non-technical (borland nntp server)

First post:

"Hi all,

We know that by using the standard VCL functions it is impossible to create a stack overflow condition in delphi-written applications. But how about Heap Based overflows? Last week I came across an exploit that exploits a Heap overflow in ICS component suite (if I remember it correctly). This type of attack is as dangerous as stack overflow (except generally it is more difficult to implement an exploit). Well what should we think about these kind of security problems while coding? I have not seen a detailed document on the subject on how to avoid heap based overflows?

Regards... "

Is the latest ICS sure for overflow attacks?

Roberto Della Pasqua
Http: www.dellapasqua.com
Email/Msn: [EMAIL PROTECTED]
Aol/Yahoo: DellaPasquaR
Icq: 164672275

Re: [twsocket] NTLM authentication reloaded
Tibor Csonka <[EMAIL PROTECTED]> writes:

> I would like to correct the bug report I posted before:

[...]

> A new property for the domain can be added for proxy auth and
> separately for web auth or a property in which users can set the domain
> name separator this can be one for each of the authentication part,
> because it's mainly depends on the implementor application's user interface.

As I said, I suggest to wait to add new properties until we checked that if we separate domain and username solve all NTLM authentication problems.

Bye, Maurizio.

Re: [twsocket] NTLM authentication reloaded
Arno Garrels <[EMAIL PROTECTED]> writes:

[...]
> I think they aren't so smart, but just calling LogOnUser() note
> that [EMAIL PROTECTED] valid, not only for FTP-proxies.

I don't think that the server uses LogOnUser to authenticate the request because with NTLM it will not receive the password in plain text.

Bye, Maurizio.

Re: [twsocket] NTLM authentication reloaded
Arno Garrels wrote:

> Stadin, Benjamin wrote:
>
>> I think it should be handled without
>> a new property.
>
> Why not just copy what NTLM implementation as well as function
> LogonUser() already provide? Even Internet Explorer pops up a
> dialog with an additional Domain-field upon NTLM authentications.

Maybe it does this with proxy authentication, I mean just plain NTLM authentication. When you log into Exchange webmail you have only username and password field (I'm currently writing this email from it). Normally it checks the user on the domain Exchange "is running on". If the user is on a trusted domain he must use domain\username.

> With two new Domain-properties, one for the proxy and one for the
> server, we must not parse strings and don't need to care about
> current syntax and possible future syntax changes.
>
> Arno Garrels

Re: [twsocket] NTLM authentication reloaded
Maurizio Lotauro wrote:

> Arno Garrels <[EMAIL PROTECTED]> writes:
>
> [...]
>
>> I think they aren't so smart, but just calling LogOnUser() note
>> that [EMAIL PROTECTED] valid, not only for FTP-proxies.
>
> I don't think that the server use LogOnUser to authenticate the request
> because with NTLM it will not receive the password in plain text.

Yes you are right, it's the hashed password only. However it appears that problems due to the missing Domain-property described in this thread become clear if you read the LogonUser() docu. Does anybody know how a server/proxy checks a NTLM logon attempt against Windows-users?

Arno Garrels

> Bye, Maurizio.

Re: [twsocket] NTLM authentication reloaded
Arno Garrels wrote:
> Maurizio Lotauro wrote:
>> Arno Garrels <[EMAIL PROTECTED]> writes:
>>
>> [...]
>>
>>> I think they aren't so smart, but just calling LogOnUser() note
>>> that [EMAIL PROTECTED] valid, not only for FTP-proxies.
>>
>> I don't think that the server use LogOnUser to authenticate the request
>> because with NTLM it will not receive the password in plain text.
>
> Yes you are right, it's the hashed password only. However it appears that
> problems due to the missing Domain-property described in this thread
> become clear if you read the LogonUser() docu. Does anybody know how a
> server/proxy checks a NTLM logon attempt against Windows-users?

Oh Oh, it's not so simple as I thought before, forget the hashed password ;-)

>
> Arno Garrels
>
>>
>> Bye, Maurizio.
Re: [twsocket] ICS stack buffer overflow?
> Is the latest ICS sure for overflow attacks?

Yes, it is. But some application may not be secure if not correctly developed! The application programmer _must_ take care of many problems the component can't do for him. For example, if your application receive data and buffer incoming data waiting for a delimiter which will never come, then your application is subject to denial of service attack. Your application, not the component!

--
Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
http://www.overbyte.be

- Original Message -
From: "Roberto Della Pasqua" <[EMAIL PROTECTED]>
To: "'ICS support mailing'"
Sent: Friday, January 20, 2006 4:40 PM
Subject: [twsocket] ICS stack buffer overflow?

> Hi dear developers,
>
> Please check the thread in borland.public.delphi.non-technical (borland
> nntp server)
>
> First post:
>
> "Hi all,
>
> We know that by using the standard VCL functions it is impossible to
> create a stack overflow condition in delphi-written applications. But how
> about Heap Based overflows? Last week I came across an exploit that
> exploits a Heap overflow in ICS component suite. (if I remember it
> correctly). This type of attack is as dangerous as stack overflow. (except
> generally it is more difficult to implement an exploit). Well what should
> we think about these kind of security problems while coding? I have not
> seen a detailed document on the subject on how to avoid heap based
> overflows?
>
> Regards... "
>
> Is the latest ICS sure for overflow attacks?
>
> Roberto Della Pasqua
> Http: www.dellapasqua.com
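The failure mode named in the reply above (buffering received data until a delimiter that never arrives), shown as an added example that is not part of the original message and is not ICS code: a line buffer that caps how much undelimited data it will hold per connection. `TBoundedLineBuffer`, `Feed`, `MaxPending` and the sample input are hypothetical names and constructed values.

```pascal
program BoundedLineBufferDemo;
{$APPTYPE CONSOLE}
{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}
uses
  Classes;
const
  Delim = #13#10;   // line delimiter the protocol waits for
  MaxPending = 64;  // assumed cap on undelimited bytes kept per connection
type
  TBoundedLineBuffer = class
  private
    FPending: string;
  public
    // Appends received data and moves complete lines into Lines.
    // Returns False when a line exceeds MaxPending: drop the peer.
    function Feed(const Chunk: string; Lines: TStrings): Boolean;
  end;

function TBoundedLineBuffer.Feed(const Chunk: string; Lines: TStrings): Boolean;
var
  P: Integer;
begin
  FPending := FPending + Chunk;
  P := Pos(Delim, FPending);
  while (P > 0) and (P - 1 <= MaxPending) do
  begin
    Lines.Add(Copy(FPending, 1, P - 1));
    Delete(FPending, 1, P - 1 + Length(Delim));
    P := Pos(Delim, FPending);
  end;
  // Fail on an oversized complete line or an oversized unterminated tail.
  Result := (P = 0) and (Length(FPending) <= MaxPending);
  if not Result then
    FPending := '';  // release the memory; the caller closes the connection
end;

var
  Buf: TBoundedLineBuffer;
  Lines: TStringList;
begin
  Buf := TBoundedLineBuffer.Create;
  Lines := TStringList.Create;
  try
    // Constructed input: one command split across two receive events.
    Buf.Feed('HELO exa', Lines);
    Buf.Feed('mple' + Delim, Lines);
    WriteLn('complete lines: ', Lines.Count, ' first: ', Lines[0]);
    // Constructed input: a peer that never sends the delimiter.
    while Buf.Feed(StringOfChar('A', 16), Lines) do ;
    WriteLn('limit exceeded, connection would be closed here');
  finally
    Lines.Free;
    Buf.Free;
  end;
end.
```

In an application, `Feed` would be called with whatever each receive event delivers, and a `False` result is the signal to close that connection instead of continuing to accumulate data.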
[twsocket] Weird problem sending http stream
I run into something weird.

I have a routine to send a stream with http (Post). The first time I send a stream, there is a delay of about 20 seconds between the PostAsync instruction and the triggering of the onRequestdone event. No errors detected. During this time, there is no traffic.

If this first run is finally executed, then all subsequent posts are handled normally (tested for an hour).

Has anyone had this problem before?

Paul
Re: [twsocket] ICS stack buffer overflow?
TNX

Roberto Della Pasqua
Http: www.dellapasqua.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francois PIETTE
Sent: Friday 20 January 2006 18.42
To: ICS support mailing
Subject: Re: [twsocket] ICS stack buffer overflow?

> Is the latest ICS sure for overflow attacks?

Yes, it is. But some application may not be secure if not correctly developed! The application programmer _must_ take care of many problems the component can't do for him. For example, if your application receive data and buffer incoming data waiting for a delimiter which will never come, then your application is subject to denial of service attack. Your application, not the component!

--
Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
http://www.overbyte.be
Re: [twsocket] THttpServer Digest Auth implemented with ICS
That's an interesting contribution! Thank you.

--
[EMAIL PROTECTED]
http://www.overbyte.be

- Original Message -
From: "Fastream Technologies" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Friday, January 20, 2006 1:50 PM
Subject: [twsocket] THttpServer Digest Auth implemented with ICS

> Hello Francois and Everybody,
>
> We (me and Peter Nikolow) worked on Digest authentication for ICS
> THttpServer. We used Delphi and ICS v5 (unit version 1.38) for the
> httpsrv.pas and C++ for the test unit. We (fastream.com) want to donate
> the code to our very community. I urge you (Francois) to make this code
> part of your official release of both v5 and v6 and other people to have
> a look at the code and provide feedback so that we would be able to fix
> anything wrong.
>
> http://www.fastream.com/ics/THttpServerDigest.zip
>
> (The C++ code is less than 30 lines and it should not be hard to write it
> with Delphi as well).
>
> Best Regards,
>
> SubZero
>
> CSA, Fastream Technologies
> Software IQ: Innovation & Quality
> www.fastream.com | [EMAIL PROTECTED]
Re: [twsocket] Weird problem sending http stream
> I have a routine to send a stream with http (Post).
> The first time I send a stream, there is a delay of about 20 seconds
> between the PostAsync instruction and the triggering of the
> onRequestdone event.
> No errors detected
> During this time, there is no traffic.

When is the stream data sent? In the beginning of the 20 sec delay or at the end? In other words: is the delay caused at server side or client side? Have you checked that content length header line is correct?

--
Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
--
[EMAIL PROTECTED]
http://www.overbyte.be
Re: [twsocket] Weird problem sending http stream
Francois,

Just found the problem. There were lots of messages generated due to a wrong reference.

Paul

- Original Message -
From: "Francois PIETTE" <[EMAIL PROTECTED]>
To: "ICS support mailing"
Sent: Friday, January 20, 2006 7:47 PM
Subject: Re: [twsocket] Weird problem sending http stream

>> I have a routine to send a stream with http (Post).
>> The first time I send a stream, there is a delay of about 20 seconds
>> between the PostAsync instruction and the triggering of the
>> onRequestdone event.
>> No errors detected
>> During this time, there is no traffic.
>
> When is the stream data sent? In the beginning of the 20 sec delay or at
> the end? In other words: is the delay caused at server side or client
> side? Have you checked that content length header line is correct?
>
> --
> Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html
> --
> [EMAIL PROTECTED]
> http://www.overbyte.be
[twsocket] TWSocket sending UDP
Hey.

I'm trying to use TWSocket to send UDP messages to many different hosts. I want to create the TWSocket dynamically, and I don't want to have to use Connect/Close every time I send a UDP message. I thought I could use the SendTo() procedure to do this, but I have had no success.

This is my test code to send one UDP message to myself (it doesn't work):

procedure Test();
var
  DestAddr: TSockAddr;
  Data: string;
begin
  SocketOut := TWSocket.Create(nil); // create the socket
  SocketOut.Proto := 'udp'; // set it to use UDP (shouldn't really need this)
  ZeroMemory(@DestAddr, SizeOf(DestAddr)); // clear the address
  DestAddr.sin_family := AF_INET; // we have to use AF_INET
  DestAddr.sin_port := 600; // set the port to 600
  DestAddr.sin_addr.S_addr := WSocket_inet_addr('127.0.0.1'); // point to self
  Data := 'Hello world'; // the message we want to send
  SocketOut.SendTo(DestAddr, SizeOf(DestAddr), @Data[1], Length(Data)); // send
  // nb: SocketOut is freed later
end;

Could anyone point out to me what I'm doing wrong? :)

Thanks - Shane