This isn't a Crystal issue, but a security issue in general. What's to stop someone at any software company from putting the same code in any DLL they create?


>Criag,
>
>I was looking through your Crystal book, in the chapter 15, Integrating
>COM.
>
>I created a test DLL, and in the INIT of the DLL I have:
>
>

>nHandle = FRCREATE("c:\myfile.txt")
>=FPUTS(nHandle, "It worked")
>=FCLOSE(nHandle)
>

>
>This is really nice - the ability to insert a DLL. The question is, what
>is stopping someone from doing:
>
>

>CD c:\winnt
>nTotFiles = ADIR(aFiles, "*.*", "AHRSD")
>FOR nFile = 1 TO nTotFiles
>  cFile = "c:\winnt\" + aFiles[nFile, 1]
>  nHandle = FOPEN(cFile)
>  IF nHandle > -1
>    =FCLOSE(nHandle)
>    ERASE (cFile)
>  ENDIF
>ENDFOR
>

>
>Of course, no sane person would do this. But there is certainly no shortage of
>insane people passing out viruses. This DLL could be sent out and sit dormant
>on a PC forever and a day - until someone runs a Crystal Report.
>
>Is there anyway to control or validate COM objects loaded by Crystal?
>
>Thanks