Criag,
I was looking through your Crystal book, in the chapter 15, Integrating
COM.
I created a test DLL, and in the INIT of the DLL I have:
nHandle = FRCREATE("c:\myfile.txt")
=FPUTS(nHandle, "It worked")
=FCLOSE(nHandle)This is really nice - the ability to insert a DLL. The question is, what
is stopping someone from doing:
CD c:\winnt
nTotFiles = ADIR(aFiles, "*.*", "AHRSD")
FOR nFile = 1 TO nTotFiles
cFile = "c:\winnt\" + aFiles[nFile, 1]
nHandle = FOPEN(cFile)
IF nHandle > -1
=FCLOSE(nHandle)
ERASE (cFile)
ENDIF
ENDFOROf course, no sane person would do this. But there is certainly no shortage of
insane people passing out viruses. This DLL could be sent out and sit dormant
on a PC forever and a day - until someone runs a Crystal Report.
Is there anyway to control or validate COM objects loaded by Crystal?
Thanks
Everything makes sense in someone's mind
public class SystemCrasher :ICrashable
In addition, an integer field is not for irrational people
