Hi Vailton,

>>  * contrib/hbnetio/utils/netiocmd.prg
>>    ! Fixed remote execution protection to work even when
>>      the source was compiled from another directory.
>>    ; QUESTION: Is there a better way to make this kind of
>>                protection? Current system will break if
>>                the source filename of the caller happens to
>>                change in the future.
> 
> I'm sure it is not. But as I would like to separate these commands into
> a separate source, this was my first idea. If validating only the
> calling routine's name instead of the name + source is already seen as
> something safe, we can simplify the validation process.

I don't know, to me it looks like a very light
protection. I feel that _any_ hbnetiosrv setup
with unlimited RPC enabled is inherently unsafe
with or without such tricks. After all, the protected
function is just one more public function calling
other public functions, which are available anyway.
If harm can be done, it can be done regardless of
protection. For example, a client could call the __QUIT()
function anytime to shut down the server. It's
pretty difficult to create an executable to sort
out all potentially harmful public functions which
get linked via various dependency paths.

What do you think?

Brgds,
Viktor

_______________________________________________
Harbour mailing list (attachment size limit: 40KB)
Harbour@harbour-project.org
http://lists.harbour-project.org/mailman/listinfo/harbour
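
Added example, not part of the original message and not Harbour or hbnetio code: a small Python model of the argument in the reply above, showing why a caller check on one function does not help when every public function is callable by name, next to a deny-by-default allowlist. All class, method and function names are constructed for illustration; `quit` stands in for `__QUIT()`.

```python
class Server:
    """Constructed stand-in for a process that exposes functions over RPC."""

    def __init__(self):
        self.running = True
        self.caller = "rpc"  # identity the guard sees for remote calls (assumed)
        # Everything linked in is public and callable by name.
        self.public = {
            "file_read": self.file_read,
            "admin_cmd": self.admin_cmd,  # the "protected" entry point
            "run": self.run,              # helper it calls, public as well
            "quit": self.quit,            # plays the role of __QUIT()
        }
        self.allowed = {"file_read"}      # explicit allowlist for remote callers

    def file_read(self, name):
        return f"<contents of {name}>"

    def run(self, cmd):
        return f"ran {cmd}"

    def admin_cmd(self, cmd):
        # Caller check of the kind discussed in the thread.
        if self.caller != "netiocmd":
            raise PermissionError("admin_cmd: unexpected caller")
        return self.run(cmd)

    def quit(self):
        self.running = False
        return "stopped"

    def rpc_unlimited(self, name, *args):
        # Any public function is reachable, so the guard above is bypassable.
        return self.public[name](*args)

    def rpc_allowlisted(self, name, *args):
        # Deny by default: only names on the allowlist are dispatched.
        if name not in self.allowed:
            raise PermissionError(f"RPC to {name!r} is not allowed")
        return self.public[name](*args)


def refused(call, *args):
    """Return True when the call is rejected with PermissionError."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False
```
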
