"Jamie Dale" <j.dale@turboz.net> wrote in message
news:4480d8d5@newsgroups.borland.com...
> Btw, how do you know where I am? :~
The message headers of your posts contain the IP address that each message
is posting from. A lookup of those IP addresses shows them to be coming
from the UK. I can see a few other public details about your location, ISP,
and account type that I won't reveil here. Just know that it is all public
information, and I won't be using it for any purpose other than to tell you
that it exists.
> I found it easier to set the form.visible := false; ;)
Like I said earlier, having a hidden TForm inside a running TService is not
a safe thing to do. You really should separate the code, where the core
processing logic is in the service and the UI is in a non-service process of
its own.
> I didn't explain this well did I. Talker.exe is a GUI application/service.
> It has a main form included so that you can input connection details
> and text to send to the other Talker.exe over a network. It also allows
> you to preview the text before you send it to the remote Talker.exe -
> Thus it has a UI.
Nothing in that paragraph should be done in a service at all. You are
interacting with the user. That is best done with a non-service
application. The actual talking can be done in a service, where the
non-service application transmits the text to the service via some form of
inter-process communication. But the UI itself does not belong in a service
at all. You can include the UI in the same .exe file if you wish, but like
I said earlier the startup code would have to detect the mode in which the
.exe is to be run. The same .exe could be running in a service mode in one
process, and in a non-service mode in another process.
> Where can I find "Use Dynamic RTL option" in the D6 IDE?
In the Linker settings of the Project Options.
> Which is why it runs under the system account.... - system does not log
out!
But the GDI resources that get allocated under it can.
> Ah, but then someone would need to know my service is a)installed
> and b) how it works before they can exploit this potential vulnerability.
Says who? A virus or other malicous program could obtain a list of all
processes that are currently running under the SYSTEM account, pick one or
more at random, and try to exploit them without knowing what they actually
are. The more lower level the exploit is, the more irrelevant the
higher-level workings of the exploited software becomes. If the malicious
code targets the OS itself, it would target known weaknesses in the pieces
of the OS that are known to be used by most, if not all, software equally.
> Seeing as I don't release my work (Personal licence) I don't see
> anyone learning of any vulnerability anytime soon..
It is still something to learn about earlier on and keep in mind when the
time comes to write software that you do release to other people eventually.
Gambit
