Sign the executables for the Windows webclient or prowc.exe. - OpenEdge Installation & Deployment - Products Enhancements - Progress Community


Sign the executables for the Windows webclient or prowc.exe.

We would like to sign the executables for the Windows webclient or prowc.exe.

 

As per the vulnerability report from our security group:

 

Digitally signing executables and scripts confirms the software author and guarantees that the code has not been altered or corrupted since it was signed by use of a cryptographic hash. Digital signatures ensure the authenticity and integrity of the entities.

Recommendation

The application executable and its components must be digitally signed by a trusted source. 

  • To verify the publisher and to validate the authenticity of an application binary, it must have a valid digital signature that roots to a trusted system certificate authority, which means it has to be signed with a digital certificate issued to the company to which this application belongs.


A valid and legitimate application binary should have the below-mentioned entries, which help in identifying the binary as a legitimate application belonging to the Company that owns the application rights:

  • File Name/Internal Name - Apart from the EXE name of the application binary, it will carry the actual file name with which this binary was compiled.

  • File Version - The application binary should carry the proper version details for identifying its build and make properly.

  • Company Name - The application binary should carry the company name of the application owner.

  • Copyright Information - A valid application binary should have the copyright details of the company it belongs to. It may also deter the possibility of a reverse engineering activity, as decompilation tools or debuggers would throw up a Copyright Protection warning when they encounter these details in the binary.

  • Company Signature - To verify the publisher and to validate the authenticity of an application binary.

  • Legal Trademarks - This identifies the legality of the product and the association of the product with the registered company.
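
The checks listed in the report above can be audited on a deployed client with built-in PowerShell cmdlets. The following is an added example, not part of the original post and not Progress code; the function name `Test-BinaryProvenance`, the `-ExpectedPublisher` parameter and the install directory placeholder are assumptions made for illustration.

```powershell
# Added example: audit Authenticode status and version-resource fields of a binary.
function Test-BinaryProvenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Hypothetical: text expected in the signer certificate subject (e.g. the vendor name).
        [string]$ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $vi   = $file.VersionInfo

    # Version-resource entries named in the report.
    $fields = [ordered]@{
        InternalName     = $vi.InternalName
        OriginalFilename = $vi.OriginalFilename
        FileVersion      = $vi.FileVersion
        CompanyName      = $vi.CompanyName
        LegalCopyright   = $vi.LegalCopyright
        LegalTrademarks  = $vi.LegalTrademarks
    }
    $missing = @($fields.Keys | Where-Object { [string]::IsNullOrWhiteSpace($fields[$_]) })

    # Subject of the signing certificate; $null when the file is unsigned.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $publisherOk = (-not $ExpectedPublisher) -or
        ($subject -and $subject.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -ge 0)

    [pscustomobject]@{
        Path            = $file.FullName
        SignatureStatus = $sig.Status        # 'Valid' = hash matches and chain roots to a trusted CA
        StatusMessage   = $sig.StatusMessage
        SignerSubject   = $subject
        Timestamped     = [bool]$sig.TimeStamperCertificate
        MissingFields   = $missing -join ', '
        Pass            = ($sig.Status -eq 'Valid') -and $publisherOk -and ($missing.Count -eq 0)
    }
}

# Placeholder path: replace with the actual WebClient install directory.
$installDir = '<WebClient install directory>'
if (Test-Path -LiteralPath $installDir) {
    Get-ChildItem -LiteralPath $installDir -Recurse -File -Include *.exe, *.dll |
        ForEach-Object { Test-BinaryProvenance -Path $_.FullName } |
        Where-Object { -not $_.Pass } |
        Format-Table Path, SignatureStatus, MissingFields -AutoSize
}
```

A `SignatureStatus` of `NotSigned` corresponds to the finding in the report, while `HashMismatch` indicates a file modified after signing. The version-resource fields are plain metadata that anyone can set, so only the signature result is evidence of origin.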
