Archive for April, 2008

Nobody uses them…

Nobody uses them so they weren’t corrected. At the moment I am preparing Rudy Velthuis’ API headers for JEDI API integration. By accident I found some functions which are only available as a UNICODE version. However, they were also declared as ANSI!? To make it quick, it wasn’t Rudy’s mistake but Microsoft’s. The following functions are [...]

Sometimes it is necessary to retrieve a user’s token or act as a user who is logged on. By default a service uses the SYSTEM token and this leads to a security problem. If a service performs tasks sent by another low-privileged process (client), the client can do things it shouldn’t do. For this [...]

I found this very interesting article about exceptions. You should read “Ten Things (or more) You Might Not Know About Exception Handling in Delphi” (or get it from Google Cache) and learn why exception inheritance is important. The same reason applies to the exceptions of the JWSCL. EJwsclSecurityException is the main exception inherited from generic [...]

We are listed in ohloh

The JEDI API & Security Libraries are now listed in ohloh. Ohloh is a software directory that analyzes and monitors open source software development activity. Get to the JEDI project on ohloh directly. The following analyzed statements must be corrected: Short source control history The JEDI API is a very old lady. However, not a [...]

As you may know code is shared among JEDI projects and so is part of the code that I am going to describe in this post. A few years ago I got involved in the JCL project and contributed code that I had written quite a while before. One of the things I always found [...]

Due to massive spam in our comment functions, I decided to add a little protection against automatic comment bots. There are a lot of possible captcha implementations out there, and a lot of them just aren’t useful. However, some protection is better than no protection. I’ve read an article about captchas and their strength in [...]

CreateProcess in full glory

CreateProcess is a little tricky to use. Thus I write the full example code here so you don’t have to worry.

uses SysUtils, JwaWindows, JwsclStrings;

procedure StartApp(const App, Parameters, CurDir : TJwString);
var
  StartupInfo: {$IFDEF UNICODE}TStartupInfoW{$ELSE}TStartupInfoA{$ENDIF};
  ProcInfo : TProcessInformation;
  pEnv : Pointer;
  pCurDir,
  pCmdLine : TJwPChar;
begin
  ZeroMemory(@StartupInfo, sizeof(StartupInfo)); [...]

If you try to make your application more secure against external plugins (or rather, external code) by impersonating a low-privileged user and then calling the plugin function, that isn’t wise. You could just as well do nothing, which has the same effect. Malicious code can easily revert to the process token by calling the API RevertToSelf though. [...]

Whenever you impersonate a running thread and create a new thread while impersonating, your new thread will not be impersonated as well. The new thread will run without any thread token and thus a called function will use the process token instead. So you have to impersonate the new thread again. Ignoring that fact may lead [...]

This is the road map of JWA and JWSCL for the year 2008.
- Add and test Rudy Velthuis headers for Delphi to JWA (done but needs review)
- Implement COM interfaces and classes for JWSCL
- Implement new Winsta (Terminal Service) declarations for JWA and JWSCL
- Convert embedded source documentation to Doc-o-Matic (of course buy that nice [...]
