Is it acceptable to use a hidden window in a server application on Windows?

I'm thinking about using WSAAsyncSelect in a server. But then I need a window to receive the message.

Is such a (hidden) window acceptable in a 开发者_Go百科server app without a GUI? Can it lead to unexpected problems?

Using a hidden window is probably ok, or even better, use a message only window.

Is there any reason why you can't use WSAEventSelect and events instead?

It can lead to problems, if you react to certain messages that can be broadcast (or sent directly with malicious intent). The proper way is to ignore them under such circumstances. Obviously a "rogue" process could send stuff to your window in its hidden state. The reason I say it can be a problem, because this is exactly what allowed for shatter attacks some years back. Higher privilege processes accepting messages from lower privilege processes.

In newer Windows versions the integrity levels and the ChangeWindowMessageFilterEx function (et. al.) help to lower risks.

Personally I think you didn't give enough data to make an assessment of the situation with the certainty that you probably expect. I just want to make sure you understand that, yes, even for a hidden window there are risks involved and that you should take precautions to mitigate them. But I agree with Anders, why not use WSAEventSelect and drop the window?