> They are frivolous. If a server is installed on a machine, the ports
> to talk to it have to be opened. This is as true to the admin server
> as Firebird server or SSHD.

I did not talk about the server, but about the embedded engine. The
one that is used in applications without any server, that are shipped
on CDs, etc. to the end users, not administrators. There is not
Firebird server, there is no admin server, there is no SSHD.

> Postulating a security problem because of a buffer overflow before the
> code is even written is not exactly a demonstration of good faith.

That's not about good faith for the project, but about the good faith
in regard to people that want to embed Firebird in the application. If
that happens that will strike our customers, not us in the first place.

Why don't you define generic interface to each admin module that might
have only one method execute(char*):char* where the XML is passed and
XML is returned back and some more calls like which calls it works
with, etc. Then your admin server loads these modules the same way
your Y-valve loads providers and dispatches the requests to the code.
This approach leaves the possibility for application developer to talk
to the admin module directly without need to start any server.

Roman