>>>>>In several places in our application executable we have hooks that call custom, external, encrypted programs whose names are stored in a table.
>>>>>
>>>>>Recently, a new custom program needed to USE a confidential free table that is included in the executable, and VFP couldn't find it.
>>>>>
>>>>>Is there any way that we can force the external program to look for the table inside the exe file?
>>>>>
>>>>>TIA,
>>>>>
>>>>>Alex
>>>>
>>>>Yes, create a function like DoCmd in your exe, preferably in the main procedure file which is startup at runtime..
>>>>
>>>>
>>>>FUNCTION DoCmd(cCommand)
>>>>
>>>>&cCommand
>>>>ENDFUNC
>>>>
>>>>Then you can call the following from an outside PRG
>>>>
>>>>
>>>>DoCmd("USE MyInternalTable")
>>>>
>>>
>>>In terms of security, this approach is a problem. You can do almost anything from that point.
>>>
>>>DoCmd("DO my.prg")
>>>
>>>will work too. Instantiate classes? Open forms? Mimic existing stuff into something new? You have full control from that point. See what you can do in terms of compiling and creating at run time. That's huge.
>>>
>>>Never ever do that.
>>>And don't argue nobody knows your structure. This is named security through obscurity.
>>
>>Ehh, Sorry but from a security POV I fail to see what would be the difference in having the possibility to do whatever you like in an outside PRG and exploiting functionality from within the executable. There really is not difference between the two.
>
>If I can access the runing program I can adress objects? Move the program running into something I'm normally not allowed to? Use the interfaces of the running program?
>My programs have an admin mode. A simple flag somewhere. Turn it on and the program allows things normal user should not do. The macro could do it.
>I'm not realy intersted what one can do. I simply dislike somebody doing it. Maybe somebody has more fantasy?
>
>BTW one don't even need a special function for this.
>Some folks open MODI REPO to there customers. A neatly placed sequence of EXECSCRIPT() and _VFP.SETVAR() in a field, calculation, name it can do the same. Runs perfectly in exes context.
Sorry Lutz, but I do not think you do understand how VFP works in this respect. EXECSCRIPT() does not hide public variables or loaded objects or forms. You still can access and use them. Classes that are already loaded into memory can be instantiated with CREATEOJECT(), you can dump memory and analyze what variables have been set and used.
Just an execscript() or a calling a PRG from outside does not give you any protection on accessing resources from inside the executable. There are many, many ways to get at everything in the executable itself.
Walter,