Currently, when upgrading from one version of InstallAware to another, our employees must download a Windows executable from http://www.mimarsinan.com/customers/material/...
The download is not protected by https, and it is not digitally signed. This is unacceptably insecure, as a man-in-the-middle attack involving only DNS compromise could allow an attacker to distribute a maliciously modified exe to one of your customers.
Our corporate firewall by default blocks all .exe files downloaded over plain http. This is now the default for several enterprise-grade firewalls.
Could you please start hosting those license files over https and please sign them with Authenticode?
For all your non-technical questions.
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests