Security for Autoupdater


1 comment

  • Avatar

    Hi John,

    Please accept my sincere apologies for the late response, I didn't see your post until now. Regarding your questions, I've added my comments below:

    • Is it possible to obfuscate (or remove totally) the ini file required on client side

    It's not possible to completely hide the ini file. However I reckon that if someone is able to edit the program's settings it would be less of a fuss for them to download some malicious or remote access software directly.

    •  Is there a way to use client side certificates to authenticate with server. I read that user name / password can be passed by command line call by this would be simple to find (e.g. auditd).

    Unfortunately this is currently not supported.


    Comment actions Permalink

Please sign in to leave a comment.