Hi Jonathan,
This is interesting (IMHO), because - while I'm a long time vfp-programmer - I was not aware of the existence of VFP7RUN.EXE. This is because I'm used to building applications that consist of a main exe and several apps. The main exe includes the loader, but it won't ever start another app by clicking on that app. While I do distribute the runtime library VFP7R.DLL, I never distribute VFP7RUN.EXE. The way I distribute applications is quite common and it will NOT make the user's pc vulnerable.
>Hi Peter,
>
>I installed the VFP runtime on a machine that has never had VFP or the runtime before. After installation, the .app file extension is registered and set to run with VFP6RUN.exe (part of the VFP runtime). If I double-click on an .app file, it executes just fine. So, users with just the runtime are also vulnerable.
>
>Jonathan
>
>>>Vulnerable.
>>>
>>>>If I patch my dev copy of VFP6, then create a distribution for an app which includes VFP6 runtime, will users who install my app be protected or vulnerable?
>>
>>John,
>>
>>The runtime files are only DLL's, which are not linked to any file extension. A machine that ONLY has the (distributable) runtime files will NOT be able to launch an APP in any way. Am I missing something?
>>
>>Peter
Groet,
Peter de Valença
Constructive frustration is the breeding ground of genius.
If there’s no willingness to moderate for the sake of good debate, then I have no willingness to debate at all.
Let's develop superb standards that will end the holy wars.
"There are three types of people: Alphas and Betas", said the beta decisively.
If you find this message rude or offensive or stupid, please take a step away from the keyboard and try to think calmly about an eventual a possible alternative explanation of my message.