Comments on Rob’s Technology Corner: New Rad Studio Coming - Security?
Blog author: Robert Love. Feed updated 2024-02-03T09:56:04.249-07:00.

alcalde (2016-04-09T14:44:41.611-06:00)
This comment has been removed by the author.

LDS (2016-04-08T04:55:53.166-06:00)
I started to write about the lack of security in Delphi since they released the new Datasnap back in 2010 (and it's a design issue, not an implementation one). They repeated the same mistakes in their other remoting frameworks. Delphi does not have wrappers for OS authentication/encryption library, and because no one at Embarcadero took care of the paperwork to export software with encryption (it's really just some paperwork...) they delivered only known unsafe algorithms (RSA with short keys) and totally unknown ones ("PC1") they found for free googling. Did the RTL/VCL/etc. ever undergo a full security audit? I'm not sure all functions are safe. What about Indy? Today security is no longer optional, almost every day you see someone hacked and important data stolen. Still Embarcadero may listen, but doesn't act, or acts very slowly. How long could it afford it?

Robert Love (2016-04-07T14:55:06.877-06:00)
Yep FUD, it's been earned. 221 days since I notified them of security issues. Most issues have not been dealt with. If I was a security researcher I would have published my findings after 90 days. Instead I waited this long to publish the fact that they exist. Security researchers would have wanted a bug bounty payment; I just want them to fix the problems. It's clear I was ignored when it comes to the website. I don't trust Embarcadero anymore; it's going to take some highly visible effort to regain that trust.

I am required to write security applications. How can I use a product to develop applications when ALL of the websites they have developed are not secure? You need to trust your technology vendors, but you should still verify that. When I verified it I was surprised, then hoped for a fix, gave up, and now publicly complain, with a small measure of hope.

VladTheImpaled (2016-04-07T08:31:55.974-06:00)
The same concerns with the tool have been apparent since 1995. Yet it's still here. There's a lot of FUD about Delphi, yet it still provides (IMHO) better cross-platform support, faster binary operation and better developer productivity than almost any other tool out there. When you add all of this up, most of the complaints are faceless compared with what the world would look like without Delphi. So I would suggest objectivity here. You are all developing in the right tool and it has only gotten way stronger in the past 5 years than before that.

Anonymous (2016-04-07T00:30:44.829-06:00)
I am also in a similar position. I have a couple of commercial products written in Delphi and I am concerned about the future of the tool.

Wilfred Oluoch (2016-04-06T23:04:18.564-06:00)
I love Delphi it's a great tool I want to see it succeed and has had a very positive impact on my career - Me too.