To: discostu
This isn't news. This is how automation testing software works. Everybody that should know already knows about hijacking the message loop. Certainly there are legitimate reasons for an application to send many types of messages to windows it doesn't own. Some of these pose some security risks if unrestricted (e.g. posting keyboard events) but are clearly useful in other cases. Others (e.g. 'save edit field to memory') have no legitimate cross-application use and are the source of the security holes discussed here.
37 posted on
08/08/2002 10:23:28 PM PDT by
supercat
To: supercat
i don't deny that there are potential security issues in the loop. What I deny is that this was something MS has been hiding from people and only astute investigation by watchdoggers have exposed it. Anybody that ever learned Windows programming from the books MS publishes knows about the loop, it's been well documented since the 16-bit days. What I find shocking is that apparently so many people never heard of it before.
40 posted on
08/09/2002 7:59:57 AM PDT by
discostu
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson