Skip to content

Instantly share code, notes, and snippets.

View synopse's full-sized avatar
🏠
Working from the mountains

ab synopse

🏠
Working from the mountains
432 followers · 5 following
View GitHub Profile
@synopse
synopse / Win64 mORMot 2.4.13415
Created January 19, 2026 11:00
c:\Temp\tempbuild\exe>mormot2tests
mORMot2 Regression Tests
--------------------------
1. Core units
1.1. Core base:
- Records: 2,110 assertions passed 449us
@synopse
synopse / duckdb.md
Last active December 18, 2025 14:14
DuckDB in mORMot 2

Great — then I’ll go end-to-end, at the level that should be actionable for a mORMot2 maintainer, not hand-wavy.

I’ll structure this into the four requested parts, but you’ll see they naturally fit together.

1. Minimal DuckDB C API binding for mORMot2

1.1 Scope discipline (critical)

@synopse
synopse / gist:8aff0000578968086b4ff9da720ebce3
Last active December 9, 2025 16:22
mormot2 tests on win64 arm - prim x86_64 exe
C:\Users\administrator\x64>mormot2tests -t coreecc -t crypto.bench
mORMot2 Regression Tests
--------------------------
1. Core units
1.4. Core crypto:
- Benchmark: 152,535 assertions passed 2.15s
@synopse
synopse / gist:45be1b06342a120d00e4cc4447630452
Last active December 9, 2025 16:23
mormot2 tests on win64 arm - native aarch64 exe
C:\test>mormot2tests -t coreecc -t crypto.bench
mORMot2 Regression Tests
--------------------------
1. Core units
1.4. Core crypto:
- Benchmark: 152,535 assertions passed 4.02s
@synopse
synopse / proxycache peercache.md
Last active November 20, 2025 20:23
Grok proxycache peercache

As of late 2025, after an exhaustive search across GitHub, forums, documentation, and general web sources — no, there is still no other solution (open-source or proprietary) that comes anywhere close to what mORMot 2's THttpPeerCache does in the exact niche you're targeting:

  • A transparent forward HTTP/HTTPS caching proxy
  • With automatic UDP-multicast peer discovery (WS-Discovery style)
  • Live streaming to concurrent requesters (one upstream connection → many local peers get the data in real time)
  • Whole-object level but with the smart “one wins and feeds the others instantly” behavior you described
  • Fully cross-platform native code (Windows + Linux + macOS out of the box, no WSL/Java/mono required)

Closest things that exist (and why they don’t match)

@synopse
synopse / scramsha256.md
Last active November 18, 2025 10:50
Implement SCRAM-SHA256 to the mongodb client

mORMot 2's MongoDB client (in mormot.db.nosql.mongodb.pas) currently supports only MONGODB-CR (deprecated) and SCRAM-SHA-1 for authentication in TMongoClient.Auth. It lacks native support for SCRAM-SHA-256, the default mechanism in MongoDB 4.0+ (and required for many modern deployments like Atlas clusters with stricter security).

Current Status

  • The TMongoClient.Auth method checks an enumeration like TMongoAuthMechanism = (maCR, maSHA1) and implements the old MONGODB-CR nonce-based flow or the SCRAM-SHA-1 conversation.
  • No maSHA256 option exists, and the SCRAM code uses SHA-1 digests (from SynCommons SHA-1 functions).
  • mORMot 2's own internal authentication (e.g., for REST servers) supports full SCRAM (including SHA-256 variants and even PBKDF2/SHA3), but the MongoDB client layer has not been updated for SCRAM-SHA-256 yet.

What Needs to Be Done to Add SCRAM-SHA-256

To add it properly (cleanly, without breaking existing code):

@synopse
synopse / gist:0d5468dd4deaaa0bba7c9daf947f38da
Created November 6, 2025 15:27
mORMot 2 tests with Delphi 10.4 Sydney 64 bit Win compiler
c:\Temp\tempbuild\exe>mormot2tests
mORMot2 Regression Tests
--------------------------
1. Core units
1.1. Core base:
@synopse
synopse / mongoauth.md
Last active November 4, 2025 09:35
Best Pattern for Authentication in MongoDB Clients (Version 8.1+)

Differences Between SCRAM-SHA-1 and SCRAM-SHA-256 in MongoDB

SCRAM (Salted Challenge Response Authentication Mechanism) is MongoDB's default authentication method, based on IETF RFC 5802 (for SHA-1) and RFC 7677 (for SHA-256). Both variants follow a similar challenge-response flow to avoid sending plaintext passwords over the wire, but they differ in security, hashing, and MongoDB-specific tweaks. SCRAM-SHA-256 became the default in MongoDB 4.0+ due to SHA-1's deprecation and known weaknesses (e.g., collision vulnerabilities).

Here's a comparison:

Aspect SCRAM-SHA-1 SCRAM-SHA-256
Hashing Algorithm SHA-1 (160-bit output)
@synopse
synopse / scram.md
Created November 4, 2025 09:31
with mongodb, can I connect using SCRAM-SHA-256 to a user created with SCRAM-SHA-1 digest?

No, you cannot connect to MongoDB using SCRAM-SHA-256 authentication for a user that was explicitly created with only the SCRAM-SHA-1 mechanism (i.e., specifying mechanisms: ["SCRAM-SHA-1"] in db.createUser()).

Here's why:

  • When creating a user, the mechanisms field determines which SCRAM variants' credentials are stored for that user. SCRAM-SHA-1 and SCRAM-SHA-256 are distinct: the former uses SHA-1 hashing, while the latter uses SHA-256 and requires server-side password digestion (passwordDigestor: "server").
  • If only SCRAM-SHA-1 is specified, the server stores only the corresponding salted password verifier for that mechanism. Attempting SCRAM-SHA-256 authentication will fail because the server lacks the SHA-256 credentials for the user.
  • By default (without specifying mechanisms), MongoDB creates users with both SCRAM-SHA-1 and SCRAM-SHA-256 credentials, allowing clients to authenticate using either. You can also explicitly add both via mechanisms: ["SCRAM-SHA-1", "SCRAM-SHA-256"]
@synopse
synopse / gist:83d7b264f336e9a8181924e16b94585e
Created August 12, 2025 16:36
mORMot 2.3.11993 on Delphi 12.2 Win64
mORMot2 Regression Tests
--------------------------
1. Core units
1.1. Core base:
- Records: 893 assertions passed 641us
- TSynList: 3,007 assertions passed 150us