18 Apr
Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
JWSCL uses (rarely) the DEBUG conditional compiler define, as in “What is the internal variable TJwSecurityID.fDbgData for?”. However, there is no “RELEASE” directive. Why? The reason is simple: there is no need for one. If you don’t define DEBUG, JWSCL will be compiled without any debug code. If you need a release condition, you can [...]
Nobody uses them so they weren’t corrected.
At the moment I am preparing Rudy Velthuis’ API headers for JEDI API integration. By accident I found some functions which are only available as a UNICODE version. However, they were also declared as ANSI!? To make it quick, it wasn’t Rudy’s mistake but Microsoft’s. The following functions are only [...]
15 Apr
Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
Sometimes it is necessary to retrieve a user’s token or act as a user who is logged on. By default a service uses the SYSTEM token and this leads to a security problem. If a service carries out tasks sent by another low-privileged process (client), the client can do things it shouldn’t do. For this [...]
14 Apr
Posted by: Christian Wimmer in: Common, JEDI Windows Security Code Lib
I found this very interesting article about exceptions. You should read “Ten Things (or more) You Might Not Know About Exception Handling in Delphi” (or get it from Google Cache) and learn why exception inheritance is important. The same reason applies to the exceptions of the JWSCL. EJwsclSecurityException is the main exception inherited from [...]
The JEDI API & Security Libraries are now listed in ohloh. Ohloh is a software directory that analyzes and monitors open source software development activity.
Get to the JEDI project on ohloh directly.
The following analyzed statements must be corrected:
Short source control history
The JEDI API is a very old lady. However, not a long time ago [...]
As you may know code is shared among JEDI projects and so is part of the code that I am going to describe in this post. A few years ago I got involved in the JCL project and contributed code that I had written quite a while before. One of the things I always found [...]
12 Apr
Posted by: Christian Wimmer in: Common
Due to massive spam in our comment functions, I decided to add a little protection against automatic comment bots. There are a lot of possible captcha implementations out there, and a lot of them just aren’t useful. However some protection is better than no protection. I’ve read an article about captchas and their strength [...]
CreateProcess is a little tricky to use. Thus I write the full example code here so you don’t have to worry.
uses SysUtils, JwaWindows, JwsclStrings;
procedure StartApp(const App, Parameters, CurDir : TJwString);
var
StartupInfo: {$IFDEF UNICODE}TStartupInfoW{$ELSE}TStartupInfoA{$ENDIF};
ProcInfo : TProcessInformation;
pEnv : Pointer;
pCurDir,
pCmdLine : TJwPChar;
begin
ZeroMemory(@StartupInfo, sizeof(StartupInfo));
StartupInfo.cb := SizeOf(StartupInfo);
StartupInfo.lpDesktop [...]
10 Apr
Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
If you try to make your application more secure against external plugins (or rather, external code) by impersonating a low-privileged user and then calling the plugin function, that isn’t wise. You could just as well do nothing, which has the same effect. Malicious code can easily revert to the process token by calling the RevertToSelf API.
If [...]
09 Apr
Posted by: Christian Wimmer in: Common, JEDI Windows API Headers, JEDI Windows Security Code Lib
This is the road map of JWA and JWSCL for the year 2008.
Add and test Rudy Velthuis’ headers for Delphi to JWA (done but needs review)
Implement COM interfaces and classes for JWSCL
Implement new Winsta (Terminal Service) declarations for JWA and JWSCL
Convert embedded source documentation to Doc-o-Matic (of course buy that nice software) (JWSCL)
Create tons of [...]