> So how can it tell the difference between a legitimate connection from a > controlled application, and an illegitimate connection from e.g. a piece of > VBScript hacked into notepad?
The easy answer is that it cannot. We had to think very hard about this when we designed the equivalent of Uniobjects for QM (this is not a plug!). The only watertight solution seems to be to give the user the option to restrict what can be done over a client connection. Our highest level of restriction limits the client connection to calling only subroutines that are built with a special compiler directive. This works well for us. Perhaps UV/Udt need to do something similar. Don't forget to ban incoming connections to the appropriate port in your firewall if you use UniAdmin in-house and don't want hackers finding their way in from outside. A determined hacker will find a user name/password given long enough. Martin Phillips Ladybridge Systems 17b Coldstream Lane, Hardingstone, Northampton NN4 6DB +44-(0)1604-709200 ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
