1. Song Tom
  2. PowerBuilder
  3. Friday, 16 August 2024 05:12 AM UTC

Dear Supporter:

We have a security question to ask your advice on. Early this week, our security team carried out a penetration test on our application, in which they said that our application needs a code signing certificate. I remember that a Java application can be signed with a certification tool, but I am not sure whether exe or dll files built by PowerBuilder can also be signed. Would you mind giving us some advice? Thanks a lot.

Andreas Mykonios Accepted Answer
  1. Friday, 16 August 2024 09:10 AM UTC
  2. PowerBuilder
  3. # 1

Hi.

It can be done. If you are deploying standard executables, then you have to do that manually. If you are on PB 2019R3 or later, and deploying using PowerClient, there is a tab to sign the generated executable. The same option is also available in PB 2021 and later when creating cloud apps (PowerServer).

To sign an executable, you have to use Microsoft SignTool. This is a command line tool to digitally sign files and verify their signatures. But code signing should be applied not only to the exe but also to the pbd and dll files that accompany your application. And you must keep in mind that you have to check that those files' signatures are valid... If a signed file is somehow tampered with, this doesn't mean it won't execute... The issue will be that it doesn't contain a valid signature (or it isn't signed at all)... But you will have to check that. There is also a good chance that antivirus will detect that as an issue.

Take a look at the following links:

Authenticode signing (appeon.com)

security - Can signed executables be tampered with while retaining the integrity of the signature? - Stack Overflow

By searching this forum or googling, you can find more results.

Andreas.
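
The check the answer above calls for (that every shipped file still carries a valid signature), as an added PowerShell example that is not part of the original thread. The deployment folder and the thumbprint allow-list are placeholders, and the file patterns follow the answer's list of exe, dll and pbd.

```powershell
# Added example: audit Authenticode signatures in a deployment folder.
param(
    [string]$DeployDir = 'C:\Deploy\MyApp',                    # hypothetical path
    [string[]]$AllowedThumbprints = @('<SIGNER-THUMBPRINT>'),  # placeholder: every signer you accept
    [string[]]$Include = @('*.exe', '*.dll', '*.pbd')          # file types named in the answer
)

$results = Get-ChildItem -Path $DeployDir -Recurse -File -Include $Include |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = $sig.SignerCertificate

        # A tampered or unsigned file still runs, so the status must be checked
        # explicitly: HashMismatch = modified after signing, NotSigned = no signature.
        $finding = if ($sig.Status -ne 'Valid') {
            "signature status is $($sig.Status)"
        } elseif ($AllowedThumbprints -notcontains $signer.Thumbprint) {
            # Valid signature, but not from a certificate on the allow-list.
            "signed by unexpected certificate: $($signer.Subject)"
        } elseif (-not $sig.TimeStamperCertificate) {
            # Without a timestamp the signature stops validating when the
            # signing certificate expires.
            'valid but not timestamped'
        } else {
            $null
        }

        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status
            Signer  = $signer.Subject
            Finding = $finding
        }
    }

if (-not $results) {
    Write-Warning "No matching files found under $DeployDir; nothing was verified."
    exit 2
}

$results | Format-Table -AutoSize File, Status, Finding

$failed = @($results | Where-Object Finding)
if ($failed.Count -gt 0) {
    Write-Error "$($failed.Count) file(s) failed signature verification."
    exit 1
}
```

Files you ship but did not sign yourself carry a different signer, so add each accepted certificate thumbprint to the allow-list rather than skipping those files.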

Comment
  1. mike S
  2. Friday, 16 August 2024 14:35 PM UTC
"there is a tab to sign the generated executable"

With the new cert requirements (as of 2023 and not Appeon requirements), you now need to use either a physical USB token or a cert repository or a cert service.

Either way makes it more complicated than back when you could use a cert file. So you may end up needing to write a command line file. The command line file can be run from the referenced tab in the project (at least in current versions of PB).

  1. Song Tom
  2. Thursday, 22 August 2024 07:11 AM UTC
So far, in my PB2017 there is no such tab :(
  1. Roland Smith
  2. Thursday, 22 August 2024 14:04 PM UTC
The tab only exists when creating a PowerClient project which is a new feature not found in 2017.