Remy!!! Ol pal!
I been away for 2 days - Did ya miss me? ;)
>> Btw, how do you know where I am? :~
>
> The message headers of your posts contain the IP address that each message
> is posting from. A lookup of those IP addresses shows them to be coming
> from the UK. I can see a few other public details about your location,
> ISP,
> and account type that I won't reveil here. Just know that it is all
> public
> information, and I won't be using it for any purpose other than to tell
> you
> that it exists.
Ah, yeah IP lookup lol. Besides i was only jestin with ya when I asked lol -
you know light humour.
Besides, ISPs don't give out their clients address's to people except the
law. BTW, it's also a proxy ;)
>> I found it easier to set the form.visible := false; ;)
>
> Like I said earlier, having a hidden TForm inside a running TService is
> not
> a safe thing to do. You really should separate the code, where the core
> processing logic is in the service and the UI is in a non-service process
> of
> its own.
Ok, I'm going to consider this seriously anyway - it would be much easier to
use TCP and control the service from any PC..
>> I didn't explain this well did I. Talker.exe is a GUI
>> application/service.
>> It has a main form included so that you can input connection details
>> and text to send to the other Talker.exe over a network. It also allows
>> you to preview the text before you send it to the remote Talker.exe -
>> Thus it has a UI.
>
> Nothing in that paragraph should be done in a service at all. You are
> interacting with the user. That is best done with a non-service
> application. The actual talking can be done in a service, where the
> non-service application transmits the text to the service via some form of
> inter-process communication. But the UI itself does not belong in a
> service
> at all. You can include the UI in the same .exe file if you wish, but
> like
> I said earlier the startup code would have to detect the mode in which the
> .exe is to be run. The same .exe could be running in a service mode in
> one
> process, and in a non-service mode in another process.
Ok, point taken
>> Where can I find "Use Dynamic RTL option" in the D6 IDE?
>
> In the Linker settings of the Project Options.
It's not there. I googled it and found that this seems to be a C Builder
thing. In D6 and D2005 I could not find it at all. I can screen capture this
if you like..
>> Which is why it runs under the system account.... - system does not log
> out!
>
> But the GDI resources that get allocated under it can.
GDI? - Thats a new one by me!
>> Ah, but then someone would need to know my service is a)installed
>> and b) how it works before they can exploit this potential vulnerability.
>
> Says who? A virus or other malicous program could obtain a list of all
> processes that are currently running under the SYSTEM account, pick one or
> more at random, and try to exploit them without knowing what they actually
> are. The more lower level the exploit is, the more irrelevant the
> higher-level workings of the exploited software becomes. If the malicious
> code targets the OS itself, it would target known weaknesses in the pieces
> of the OS that are known to be used by most, if not all, software equally.
Ok point taken again lol.
>> Seeing as I don't release my work (Personal licence) I don't see
>> anyone learning of any vulnerability anytime soon..
>
> It is still something to learn about earlier on and keep in mind when the
> time comes to write software that you do release to other people
> eventually.
That won't happen. With Borlands prices I can't afford a releaseable licence
type. Not unless I a) download a pirate version and hope no-one @ borland
stumbles onto my .exe with a decompiler... OR b) They donate me a licence -
Can't see that happening. I'm poor I can not afford £££ for their products -
because they are rich I must be too apparently.
Jamie
