1. SHAMEEM KAKKAD
  2. PowerBuilder
  3. Thursday, 16 May 2024 06:46 AM UTC

Hi Appeon Team,

Just before 2 days, we given our application which we created in Appeon 2022 R2 (1892) for the penetration test and they replied your application is reading more than 100 dlls like PBVM.dll, PBSHR.dll, PBUIS.dll etc.....

 

Attached the report..

 

 

What we do ?

Attachments (1)
John Fauss Accepted Answer Pending Moderation
  1. Thursday, 16 May 2024 15:37 PM UTC
  2. PowerBuilder
  3. # 1

Hi, Shameem -

Perhaps the use of the PowerClient feature (added to PB in version 2019 R3) to deploy and execute the PB application would address this issue?

Here is a link to an overview description of what PowerClient provides:

    https://docs.appeon.com/pb2019r3/whats_new/PowerClient.html

The following link describes working with PowerClient project using PB 2022 R2:

    https://docs.appeon.com/pb2022r2/pbug/creating_a_powerclient_project.html

Best regards, John

 

Comment
  1. SHAMEEM KAKKAD
  2. Friday, 17 May 2024 05:32 AM UTC
Have some internal (our developing team) issue to do the same.
  1. Helpful
  1. Chris Pollach @Appeon
  2. Friday, 17 May 2024 13:47 PM UTC
Hi John;

Since PowerClient and PowerServer App's are installed & run *locally* along with the PB runtime DLLs, these options will not change all these PBXxxxxx.dll's being read by the PB runtime. The only difference is that the App & the PB runtime are deployed via a Web Server vs an installer (ie: like InstallSheild).

Regards .. Chris
  1. Helpful 1
There are no comments made yet.
Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Thursday, 16 May 2024 15:27 PM UTC
  2. PowerBuilder
  3. # 2

Hi Shaheem, Please open a support ticket and let our product engineering team look into this: https://www.appeon.com/standardsupport/newbug

Make sure to attached the report to the support ticket.

Comment
There are no comments made yet.
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Thursday, 16 May 2024 14:42 PM UTC
  2. PowerBuilder
  3. # 3

Hi  SHAMEEM;

  I am not sure what the issue is as Appeon has always signed all of it's PB runtime DLLs.

Regards .. Chris

Comment
  1. SHAMEEM KAKKAD
  2. Friday, 17 May 2024 05:45 AM UTC
But, they said this kind of problems are seen in any application, it should not be sold in the market and government will ban directly.
  1. Helpful
  1. Sivaprakash BKR
  2. Friday, 17 May 2024 05:47 AM UTC
Chris,

IMHO.

The issue pointed out in the report is that if a signed DLL is replaced by an un-signed vulnerable program, how to detect and prevent its execution.

  1. Helpful
  1. Sivaprakash BKR
  2. Friday, 17 May 2024 05:51 AM UTC
Shall a self-contained exe (with runtime(s)) do the trick?
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.
We use cookies which are necessary for the proper functioning of our websites. We also use cookies to analyze our traffic, improve your experience and provide social media features. If you continue to use this site, you consent to our use of cookies.