… and then for levels 2 and 3 there is a Key Mechanism.
Before I get into levels 2 and level 3, you should also be aware of the following. A Genero application has two processes, the fglrun process on the back end server, and in the case of GDC applications, the gdc.exe running on the users PC. What you need to consider is to ask yourself, what process is initiating the application start. When you are developing, you will most likely execute
fglrun program-name on the command line (or execute from Genero Studio which deep down does the same thing), so the initiating action is the fglrun on the back end. On the other hand A user will most likely start an application by double clicking on a short-cut on the desktop that starts the GDC and launches a program on the back-end server. The key thing for the user is the initiating action is the gdc.exe on the front-end.
This initiating action is the key thing in security levels 2 and 3 as it allows the Key Mechanism to function. You can read the key mechanism details here but the key thing is that the GDC sends some keys as part of its initial connection to the server and launch of the fglrun process. When the fglrun process starts and connects back to the GDC, there are checks in place that ensure that the GDC is only allowing a connection from an fglrun process that it knows that itself started, as opposed to someone sitting at the terminal typing fglrun …
The default security level is 2, and the difference between level 2 and level 3 is that if the Key Mechanism doesn’t succeed, level 2 still allows the user to override with the Security Connection Message dialog.
You should also note that the Important tip about Security Levels 2 and 3 “This only comes into effect when using a direct connection shortcut to start an application.”. The alternative to a Direct Connection shortcut is to use HTTP connection shortcut and that has the property that the front-end process is initiating the connection.
The final piece on the puzzle is the –listen command line argument. This also helps lock the door in that only connections from localhost will be let in by default. So that example I gave with your colleagues PC at the beginning. If that doesn’t work for you, try also
--listen ANY at the same time you set