> At 12/13/2004 07:17 PM (Monday), Alan McDonald wrote:
> >So how does a hacker or even someone who has genuine reason to know, find
> >the path to the security database without asking that the
> sofware installer
> >find the path and register it with the application?
>
> I wrote a UDF which provides the full path of the security DB to
> the user.
> That way I can make the client application independent of the server's
> configuration. Not the most secure thing to do but it does avoid
> some problems.

in hind sight Doug, the door was already (and still is) wide open - there is
an API call which gives you this path.
Alan