Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (2)

Resolved How to sign EXE and PBDs ?

  1. How-to
0
Votes
Undo
  1. Christophe Feyte
    Christophe Feyte
  2. PowerBuilder
  3. Tuesday, 2 June 2020 14:40 PM UTC

Hello,

Recently, one of our client did a security audit of our application.
As a result, he now wants us to sign the EXE and the PBD libraries.
We are currently using PowerBuilder 2019 build 2170 and we saw on a previous post that signing of EXE's is currently not supported, and that we need to use Microsoft's SignTool.
(https://community.appeon.com/index.php/qna/q-a/automatically-sign-a-pb-application#reply-17348)
We want to know if it is still the case for the R2 of PB2019 ?
And most importantly how can we sign the PBDs ?

Thank you.

  1. .EXE
  2. PBD
  3. PowerBuilder (Appeon)
Theme in PB 2021
How to get PrintScreen to print the secondary moni...
Who is viewing this page
Jiri Koukal
Debaparna Saha
Responses (2)
Armeen Mazda @Appeon
Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Tuesday, 2 June 2020 15:35 PM UTC
  2. PowerBuilder
  3. # 1

You need to compile to DLLs instead of PBDs.  PBDs cannot be signed but EXE and DLLs can be signed.  

The process to sign the EXE and DLLs should be same as any other EXE and DLLs. Basically, using a certificate and signing tool like signtool.exe.  You might find this Stack Overflow Q&A useful.

Comment
Load more comments
Dan Harrel
  1. Dan Harrel
  2. Monday, 21 March 2022 18:32 PM UTC
I have found this helpful, and have a follow-up question: Is there a drawback to compiling to EXE and PBDs, and then signing only the EXE, compared to compiling to EXE and DLLs, and then signing all compiled output? Thanks!
  1. Helpful
Armeen Mazda @Appeon
  1. Armeen Mazda @Appeon
  2. Monday, 21 March 2022 18:51 PM UTC
PBDs are byte code just like Java or .NET apps, which means it can easily be decompiled, modified, and hijacked. Usually, the motivation for signing the EXE is so Windows stops complaining about unverified publisher. If your motivation is to make your app more secure, you really should be looking at deploying with PowerClient or PowerServer, where the PBDs are encrypted and integrity check is performed before the app starts. PowerServer takes security further than PowerClient by moving all database operations behind the firewall to the server-side... i.e. user's machine has no direct connection to the database. Here is a whitepaper about PowerServer security: https://docs.appeon.com/ps2021/Whitepaper_PowerServer_2021_Security_Measures.pdf
  1. Helpful 1
Dan Harrel
  1. Dan Harrel
  2. Monday, 21 March 2022 19:24 PM UTC
Thanks, Armeen. I really appreciate this.
  1. Helpful
There are no comments made yet.
Chris Pollach @Appeon
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Tuesday, 2 June 2020 15:08 PM UTC
  2. PowerBuilder
  3. # 2

Hi Christophe;

   Please follow the same external procedure for PB2019 R2 as per previous Appeon PB releases.

Regards ... Chris

Comment
Christophe Feyte
  1. Christophe Feyte
  2. Wednesday, 3 June 2020 07:43 AM UTC
Thank you for your answer, you confirmed what we thought.
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.