> BeOS allows you to send BMessages to any app. That is how scripting > other apps works. As MS has found out, allowing scripting also allows > hacking. (i.e. VB mail virii) Messages can not be spoofed, but they > don't have to. Right. At least some sort of authentication method needs to be available for BMessages. While BWindows do not immediately offer the strong vulnerabilities (through scripting) that MS's window messaging allows, a cleverly written parasite could easily exploit a *particular* application, especially if the source code for the application were available. (Though, I suspect it might be easy to exploit a BFilePanel and delete files, or, worse, exploit Tracker, launch DiskProbe, and then do whatever -- you get the picture). we could start with having a uid attached to each message. then perhaps having a "key" option, some sort of encrypted item, for those developers who feel they should have "extra strong" security on their messages. Isaac