> Just because this is a wider problem doesn't mean that UO > shouldn't be called on it.
So how would you go about it? UO is a tool for developers. As such, it's strength is that it is able to do anything a developer needs it to do. It is clean client/server middleware and so it can't launch a menu system or anything else that requires interaction at the server. So how can it tell the difference between a legitimate connection from a controlled application, and an illegitimate connection from e.g. a piece of VBScript hacked into notepad? The only way is to add a new security layer to the server. And if you insist on that there are a lot of applications out there that will simply stop running. Witness how many UniVerse sites have jumped to convert their old accounts into SQL schema with proper permissions and constraints. (I haven't seen any). So a hole it may be, but I guess we're stuck with it. Brian ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
