VFP6 security patch via Setup Wizard
09/01/2003 14:16:59
General information
Forum: Visual FoxPro
Category: Installation, Setup and Configuration
Miscellaneous
Thread ID: 00737599
Message ID: 00740028
Views: 21
John,

I think George has given me what I was looking for. Thanks for the further clarification about REG_BINARY or REG_DWORD.

Mike

>Mike,
>
>Check out REGISTRY.PRG in the HOME(2)+"classes" directory. I think you'll find the SetRegKey() function pretty legible and easy to use. Also, don't get too much hung up on this being a REG_BINARY or REG_DWORD. Either way, the value should be set to zero for the most security and zero = zero regardless of value type.
>
>
>>How about this: consider the problem to be that of creating a generic UDF to update a given registry entry with a specified REG_DWORD type of value. A complementary UDF to retrieve a given REG_DWORD value would also be useful. As I mentioned before, the FFC's registry class only supports REG_SZ.
>>
>>Yes, I understand that it sounds simple, yet, to date no one has found it to be so simple as to simply post the code. Surely there are many people more qualified to do this than I, yourself included. On the other hand, I may be the most qualified (or at least the most motivated) to thoroughly test it. I've wasted a few days on this already, John, so I hope you don't think I'm too lazy! :-)
>>
>>Of course I could spend still more time looking for the answer, but I have other more pressing tasks to attend to at the moment. Lacking any further assistance, it will probably be quite a while before I get around to making this particular fix. On the other hand, if anyone would care to supply the required generic registry manipulation logic, I would be strongly inclined to incorporate and test those program changes without delay, and I will gladly share the results with all. I do think it would be in everyone's best interest to have a clear resolution of this security flaw as soon as possible. Does that sound fair?
>>
>>Mike
>>
>>>Hi Mike,
>>>
>>>I understand your position about doing a service posting some code. I am sympathetic. But I'm hoping that you can understand my position.
>>>
>>>I have already identified what needs to be done to ensure that the security flaw can be overcome. I've identified the registry keys and the FFC class library that can be used in inline code to check and/or change that registry value. It can be done in a few lines of code using the registry classlib. Honestly, it's that simple!
>>>
>>>However, I won't post that code. As a Microsoft employee, any code I post is "code from Microsoft". Posting code that tweaks a registry entry covered by an official security patch is not something I'm comfortable with.
>>>
>>>I'm truly sorry about that limitation, Mike, and I will be more than happy to help you arrive at your own solution and I would hope that when you do you share that solution with others.
>>>
>>>
>>>>You would be doing us all a service by posting the small piece of VFP code needed to avoid propagating this security flaw when distributing VFP6 runtime applications. Surely no one would have reason to find fault in an inconsequential deviation from the current patch, which is known to be inadequate.
Montage

"Free at last..."
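
The generic REG_DWORD write and read UDFs requested in the quoted messages could look like the following. This is an added example, not code from the thread, from Microsoft, or from REGISTRY.PRG; it calls the Win32 registry API directly, and the subkey and value name are placeholders because the thread does not name them.

```foxpro
* Added example (not from the thread): generic REG_DWORD set/get UDFs via advapi32.
#DEFINE HKEY_LOCAL_MACHINE  -2147483646   && 0x80000002 as a signed 32-bit integer
#DEFINE KEY_QUERY_VALUE     1
#DEFINE KEY_SET_VALUE       2
#DEFINE REG_DWORD           4
#DEFINE ERROR_SUCCESS       0
LOCAL lcKey, lcName, lnValue
lcKey   = "SOFTWARE\PlaceholderVendor\PlaceholderKey"   && placeholder, not from the thread
lcName  = "PlaceholderValue"                            && placeholder, not from the thread
lnValue = -1
IF SetRegDword(HKEY_LOCAL_MACHINE, lcKey, lcName, 0) ;
   AND GetRegDword(HKEY_LOCAL_MACHINE, lcKey, lcName, @lnValue)
   ? "Value written and read back as", lnValue
ELSE
   ? "Registry update failed (key missing or insufficient rights)"
ENDIF
FUNCTION SetRegDword(tnRoot, tcSubKey, tcValueName, tnData)
   * Writes tnData as a 4-byte REG_DWORD; the key must already exist. Returns .T. on success.
   LOCAL lnKey, lnRc
   =DeclareRegApi()
   lnKey = 0
   IF RegOpenKeyEx(tnRoot, tcSubKey, 0, KEY_SET_VALUE, @lnKey) <> ERROR_SUCCESS
      RETURN .F.
   ENDIF
   lnRc = RegSetValueEx(lnKey, tcValueName, 0, REG_DWORD, @tnData, 4)
   =RegCloseKey(lnKey)
   RETURN lnRc = ERROR_SUCCESS
ENDFUNC
FUNCTION GetRegDword(tnRoot, tcSubKey, tcValueName, tnResult)
   * Reads a REG_DWORD into tnResult (pass with @); .F. if missing or stored as another type.
   LOCAL lnKey, lnRc, lnType, lnData, lnSize
   =DeclareRegApi()
   STORE 0 TO lnKey, lnType, lnData
   lnSize = 4
   IF RegOpenKeyEx(tnRoot, tcSubKey, 0, KEY_QUERY_VALUE, @lnKey) <> ERROR_SUCCESS
      RETURN .F.
   ENDIF
   lnRc = RegQueryValueEx(lnKey, tcValueName, 0, @lnType, @lnData, @lnSize)
   =RegCloseKey(lnKey)
   tnResult = IIF(lnRc = ERROR_SUCCESS AND lnType = REG_DWORD, lnData, tnResult)
   RETURN lnRc = ERROR_SUCCESS AND lnType = REG_DWORD
ENDFUNC
FUNCTION DeclareRegApi
   * VFP resolves these names to the ANSI (...A) exports of advapi32.dll.
   DECLARE INTEGER RegOpenKeyEx IN advapi32 INTEGER hKey, STRING lpSubKey, INTEGER ulOptions, INTEGER samDesired, INTEGER @phkResult
   DECLARE INTEGER RegSetValueEx IN advapi32 INTEGER hKey, STRING lpValueName, INTEGER Reserved, INTEGER dwType, INTEGER @lpData, INTEGER cbData
   DECLARE INTEGER RegQueryValueEx IN advapi32 INTEGER hKey, STRING lpValueName, INTEGER lpReserved, INTEGER @lpType, INTEGER @lpData, INTEGER @lpcbData
   DECLARE INTEGER RegCloseKey IN advapi32 INTEGER hKey
ENDFUNC
```

Reading the value back after the write lets an installer confirm the setting took effect rather than assuming it did.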