Posts

Showing posts from October, 2009

Working With Components in Delphi

Many components are provided in the IDE on the Component palette. You select components from the Component palette and drop them onto a form or data module. You design the application’s user interface by arranging the visual components such as buttons and list boxes on a form. You can also place nonvisual components such as data access components on either a form or a data module. At first glance, Delphi’s components appear to be just like any other classes. But there are differences between components in Delphi and the standard class hierarchies that many programmers work with. Some differences are described here: All Delphi components descend from TComponent. Components are most often used as is and are changed through their properties, rather than serving as “base classes” to be subclassed to add or change functionality. When a component is inherited, it is usually to add specific code to existing event handling member functions. Components can only be allocated on t

Protecting Services

There are many services which a site may wish to provide for its users, some of which may be external. There are a variety of security reasons to attempt to isolate services onto dedicated host computers. The services which a site may provide will, in most cases, have different levels of access needs and models of trust. Name Servers (DNS and NIS (+)) - The Internet uses the Domain Name System (DNS) to perform address resolution for host and network names. The Network Information Service (NIS) and NIS+ are not used on the global Internet, but are subject to the same risks as a DNS server. Name-to-address resolution is critical to the secure operation of any network. An attacker who can successfully control or impersonate a DNS server can re-route traffic to subvert security protections. For example, routine traffic can be diverted to a compromised system to be monitored; or, users can be tricked into providing authentication secrets. An organization should create well kn

Defining Custom Variants in Delphi

One powerful built-in type of the Delphi language is the Variant type. Variants represent values whose type is not determined at compile time. Instead, the type of their value can change at runtime. Variants can mix with other variants and with integer, real, string, and boolean values in expressions and assignments; the compiler automatically performs type conversions. By default, variants can’t hold values that are records, sets, static arrays, files, classes, class references, or pointers. You can, however, extend the Variant type to work with any particular example of these types. All you need to do is create a descendant of the TCustomVariantType class that indicates how the Variant type performs standard operations. To create a Variant type: Map the storage of the variant’s data on to the TVarData record. Declare a class that descends from TCustomVariantType. Implement all required behavior (including type conversion rules) in the new class. Write utility methods for

Separation of Services

There are many services which a site may wish to provide for its users, some of which may be external. There are a variety of security reasons to attempt to isolate services onto dedicated host computers. The services which a site may provide will, in most cases, have different levels of access needs and models of trust. Services which are essential to the security or smooth operation of a site would be better off being placed on a dedicated machine with very limited access, rather than on a machine that provides a service (or services) which has traditionally been less secure, or requires greater accessibility by users who may accidentally suborn security. It is also important to distinguish between hosts which operate within different models of trust (e.g., all the hosts inside of a firewall and any host on an exposed network). Some of the services which should be examined for potential separation are outlined in the section on service protection. It is important to reme

Converting Measurements in Delphi

The ConvUtils unit declares a general-purpose Convert function that you can use to convert a measurement from one set of units to another. You can perform conversions between compatible units of measurement such as feet and inches or days and weeks. Units that measure the same types of things are said to be in the same conversion family. The units you’re converting must be in the same conversion family. The StdConvs unit defines several conversion families and measurement units within each family. In addition, you can create customized conversion families and associated units using the RegisterConversionType and RegisterConversionFamily functions. You can use the Convert function to perform both simple and complex conversions. It includes a simple syntax and a second syntax for performing conversions between complex measurement types. You can use the Convert function to convert a measurement from one set of units to another. The Convert function converts between units tha

Logging and Monitoring

This service performs two functions. The first is the detection of the occurrence of a threat. (However, the detection does not occur in real time unless some type of realtime monitoring capability is utilized.) Depending on the extensiveness of the logging, the detected event should be traceable throughout the system. For example, when an intruder breaks into the system, the log should indicate who was logged on to the system at the time, all sensitive files that had failed accesses, all programs that had attempted executions, etc. It should also indicate sensitive files and programs that were successfully accessed in this time period. It may be appropriate that some areas of the LAN (workstations, fileservers, etc.) have some type of logging service. The second function of this service is to provide system and network managers with statistics that indicate that systems and the network as a whole are functioning properly. This can be done by an audit mechanism that uses

Converting String to PChar in Delphi

Long string to PChar conversions are not automatic. Some of the differences between strings and PChars can make conversions problematic: Long strings are reference-counted, while PChars are not. Assigning to a string copies the data, while a PChar is a pointer to memory. Long strings are null-terminated and also contain the length of the string, while PChars are simply null-terminated. Sometimes you need to convert a long string to a null-terminated string, for example, if you are using a function that takes a PChar. If you must cast a string to a PChar, be aware that you are responsible for the lifetime of the resulting PChar. Because long strings are reference counted, typecasting a string to a PChar increases the dependency on the string by one, without actually incrementing the reference count. When the reference count hits zero, the string will be destroyed, even though there is an extra dependency on it. The cast PChar will also disappear, while the routine you passed

Data and Message Integrity

The data and message integrity service helps to protect data and software on workstations, file servers, and other LAN components from unauthorized modification. The unauthorized modification can be intentional or accidental. This service can be provided by the use of cryptographic checksums, and very granular access control and privilege mechanisms. The more granular the access control or privilege mechanism, the less likely an unauthorized or accidental modification can occur. The data and message integrity service also helps to ensure that a message is not altered, deleted or added to in any manner during transmission. (The inadvertent modification of a message packet is handled through the media access control implemented within the LAN protocol.) Most of the security techniques available today cannot prevent the modification of a message, but they can detect the modification of a message (unless the message is deleted altogether). The use of checksums provides a modif

Commonly Used Long String Routines in Delphi

The long string handling routines cover several functional areas. Within these areas, some are used for the same purpose, the differences being whether they use a particular criterion in their calculations. The following tables list these routines by these functional areas: Comparison Case conversion Modification Sub-string Where appropriate, the tables also provide columns indicating whether a routine satisfies the following criteria. Uses case sensitivity: If locale settings are used, it determines the definition of case. If the routine does not use locale settings, analyses are based upon the ordinal values of the characters. If the routine is case-insensitive, there is a logical merging of upper and lower case characters that is determined by a predefined pattern. Uses locale settings: Locale settings allow you to customize your application for specific locales, in particular, for Asian language environments. Most locale settings consider lowercase characters to

Data and Message Confidentiality

The data and message confidentiality service can be used when the secrecy of information is necessary. As a front line protection, this service may incorporate mechanisms associated with the access control service, but can also rely on encryption to provide further secrecy protection. Encrypting information converts it to an unintelligible form called ciphertext; decrypting converts the information back to its original form. Sensitive information can be stored in the encrypted, ciphertext, form. In this way, if the access control service is circumvented, the file may be accessed but the information is still protected by being in encrypted form. (The use of encryption may be critical on PCs that do not provide an access control service as a front line protection.) It is very difficult to control unauthorized access to LAN traffic as it is moved through the LAN. For most LAN users, this is a realized and accepted problem. The use of encryption reduces the risk of someone capt

Wide Character Routines in Delphi

Wide strings are used in a variety of situations. Some technologies, such as XML, use wide strings as a native type. You may also choose to use wide strings because they simplify some of the string-handling issues in applications that have multiple target locales. Using a wide character encoding scheme has the advantage that you can make many of the usual assumptions about strings that do not work for MBCS systems. There is a direct relationship between the number of bytes in the string and the number of characters in the string. You do not need to worry about cutting characters in half or mistaking the second part of a character for the start of a different character. A disadvantage of working with wide characters is that many VCL controls represent string values as single byte or MBCS strings. (Cross-platform versions of the controls typically use wide strings.) Translating between the wide character system and the MBCS system every time you set a string property or rea

Access Control

This service protects against the unauthorized use of LAN resources, and can be provided by the use of access control mechanisms and privilege mechanisms. Most file servers and multi-user workstations provide this service to some extent. However, PCs which mount drives from the file servers usually do not. Users must recognize that files used locally from a mounted drive are under the access control of the PC. For this reason it may be important to incorporate access control, confidentiality and integrity services on PCs to whatever extent possible. According to [NCSC87], access control can be achieved by using discretionary access control or mandatory access control. Discretionary access control is the most common type of access control used by LANs. The basis of this kind of security is that an individual user, or program operating on the user’s behalf is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to in

Working With String Lists in Delphi

One of the most commonly used types of list is a list of character strings. Examples include items in a combo box, lines in a memo, names of fonts, and names of rows and columns in a string grid. BaseCLX provides a common interface to any list of strings through an object called TStrings and its descendants such as TStringList and THashedStringList. TStringList implements the abstract properties and methods introduced by TStrings, and introduces properties, events, and methods to: Sort the strings in the list. Prohibit duplicate strings in sorted lists. Respond to changes in the contents of the list. In addition to providing functionality for maintaining string lists, these objects allow easy interoperability; for example, you can edit the lines of a memo (which are a TStrings descendant) and then use these lines as items in a combo box (also a TStrings descendant). A string-list property appears in the Object Inspector with TStrings in the Value column. Double-click TStri

Identification and Authentication

The first step toward securing the resources of a LAN is the ability to verify the identities of users [BNOV91]. The process of verifying a user’s identity is referred to as authentication. Authentication provides the basis for the effectiveness of other controls used on the LAN. For example, the logging mechanism provides usage information based on the userid. The access control mechanism permits access to LAN resources based on the userid. Both these controls are only effective under the assumption that the requestor of a LAN service is the valid user assigned to that specific userid. Identification requires the user to be known by the LAN in some manner. This is usually based on an assigned userid. However, the LAN cannot trust that the user is, in fact, who the user claims to be without the user being authenticated. The authentication is done by having the user supply something that only the user has, such as a token, something that only the user knows, such as a pa

Working With Lists in Delphi

BaseCLX includes many classes that represent lists or collections of items. They vary depending on the types of items they contain, what operations they support, and whether they are persistent. The following lists various list classes, and indicates the types of items they contain: TList - A list of pointers TThreadList - A thread-safe list of pointers TBucketList - A hashed list of pointers TObjectBucketList - A hashed list of object instances TObjectList - A memory-managed list of object instances TComponentList - A memory-managed list of components (that is, instances of classes descended from TComponent) TClassList - A list of class references TInterfaceList - A list of interface pointers. TQueue - A first-in first-out list of pointers TStack - A last-in first-out list of pointers TObjectQueue - A first-in first-out list of objects TObjectStack - A last-in first-out list of objects TCollection - Base class for many specialized classes of typed items. TStrin

Common Threats

A variety of threats face today's computer systems and the information they process. In order to control the risks of operating an information system, managers and users must know the vulnerabilities of the system and the threats, which may exploit them. Knowledge of the threat environment allows the system manager to implement the most cost-effective security measures. In some cases, managers may find it most cost-effective to simply tolerate the expected losses. The following threats and associated losses are based on their prevalence and significance in the current computing environment and their expected growth. The list is not exhaustive; some threats may combine elements from more than one area. Errors and Omissions Users, data entry clerks, system operators, and programmers frequently make unintentional errors, which contribute to security problems, directly and indirectly. Sometimes the error is the threat, such as a data entry error or a programming error th

Working with ini Files and the System Registry

Many applications use ini files to store configuration information. BaseCLX includes two classes for working with ini files: TIniFile and TMemIniFile. Using ini files has the advantage that they can be used in cross-platform applications and they are easy to read and edit. Many Windows applications replace the use of ini files with the system Registry. The Windows system Registry is a hierarchical database that acts as a centralized storage space for configuration information. The VCL includes classes for working with the system Registry. While these are technically not part of BaseCLX (because they are only available on Windows), two of these classes, TRegistryIniFile and TRegistry, are discussed here because of their similarity to the classes for working with ini files. TRegistryIniFile is useful for cross-platform applications, because it shares a common ancestor (TCustomIniFile) with the classes that work with ini files. If you confine yourself to the methods of the c

Spoofing of LAN Traffic

Data that is transmitted over a LAN should not be altered in an unauthorized manner as a result of that transmission, either by the LAN itself, or by an intruder. LAN users should be able to have a reasonable expectation that the message sent is received unmodified. A modification occurs when an intentional or unintentional change is made to any part of the message including the contents and addressing information. Messages transmitted over the LAN need to contain some sort of addressing information that reports the sending address of the message and the receiving address of the message (along with other pieces of information). Spoofing of LAN traffic involves: The ability to receive a message by masquerading as the legitimate receiving destination, or Masquerading as the sending machine and sending a message to a destination. To masquerade as a receiving machine, the LAN must be persuaded into believing that the destination address is the legitimate address of the mac