1. Erwin Anema
  2. PowerBuilder
  3. Wednesday, 14 July 2021 16:24 PM UTC

Hi PowerBuilder community,

Currently, all PowerBuilder runtime DLL files have been signed, which is great.

Part of the PowerBuilder runtime (for PowerBuilder 2019 R3) is pbdwr.pbd.
That file isn't signed as far as I can tell. Perhaps it cannot be signed.

The file extension suggests that this is a regular pbd file.
I know decompilers exist, so I wonder whether this is all fine or if this is something that could be tampered with and therefore is still a vulnerability.

Documentation states it is for datawindows/stores, but it is kind of a weird file in the runtime distribution.
I wonder if this could also not be just a dll and be signed.

Thanks in advance,

Erwin

 

Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Wednesday, 14 July 2021 17:47 PM UTC
  2. PowerBuilder
  3. # 1

Hi Erwin;

   FYI:  If you use the PowerClient feature in R3 and/or the PowerServer feature in PB2021 - you now have this new option ...

HTH

Regards ... Chris

Comment
There are no comments made yet.
Erwin Anema Accepted Answer Pending Moderation
  1. Wednesday, 14 July 2021 18:34 PM UTC
  2. PowerBuilder
  3. # 2

Hi Chris,

Thanks for your reply. The encryption options sounds like a really great improvement.

The specific pbd "pbdwr.pbd" I mentioned is supplied by Appeon as part of the runtime files.
So we have to take that as it is delivered by Appeon.

All Appeon runtime DLLs have been signed now, so this pbd is, for me, an odd one in the runtime files.
Documentation says it is part of the core runtime files, so it seems to be required.
https://docs.appeon.com/pb2019r3/application_techniques/ch09s02.html#Additional

Most likely it cannot be signed, because it is not a dll?

Therefore I wonder, is this tamper free, or can it be altered without immediately being detected.

Kind regards,
Erwin

 

 

 

Comment
  1. Chris Pollach @Appeon
  2. Wednesday, 14 July 2021 18:52 PM UTC
Hi Erwin;

I will check with Engineering as to why this PBD is not signed. You might be correct in that its a PBD vs a true DLL.

PBDs are basically tamper proof but the source code in them can be reverse engineered. However, not with the new PC / PS encryption option enabled.

Regards ... Chris
  1. Helpful
  1. Erwin Anema
  2. Tuesday, 20 July 2021 14:08 PM UTC
Hi Chris,

Thanks for the info with respect to the PBD.



Best regards,

Erwin

  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.