Security for Autoupdater


1 comment

  • Avatar

    Hi John,

    Please accept my sincere apologies for the late response, I didn't see your post until now. Regarding your questions, I've added my comments below:

    • Is it possible to obfuscate (or remove totally) the ini file required on client side

    It's not possible to completely hide the ini file. However I reckon that if someone is able to edit the program's settings it would be less of a fuss for them to download some malicious or remote access software directly.

    •  Is there a way to use client side certificates to authenticate with server. I read that user name / password can be passed by command line call by this would be simple to find (e.g. auditd).

    Unfortunately this is currently not supported.


Please sign in to leave a comment.