Steve, this is an idea that Bryce raised before, and that was only discussed briefly, but is there a way to validate the "context" of the process requesting the decryption? That is to say, in the ActiveX control, either validate some kind of security token, or somehow ensure that the process making the request is "the login process", know what I mean? Think that that might be tough for even a non-casual hacker to spoof (don't know) ...

-Shawn

Maybe you/we could ask Ruud how he implemented the @LOGONMODE macro? [Wink] Oh yeah, and I guess a potential problem with this idea is that your crypto-activex could only be used in a login script, not in an admin script (which is what I would have used it for) ... would also make it a nuisance to test (e.g., has to be in logonmode to work), but that might be a good thing!

[ 31 May 2002, 21:04: Message edited by: Shawn ]