I try to write an autoupdate function for a .DLL (developed by me, written in PB).
I could build a simple FTP downloader into this .DLL. What I download will be text files containing my securely encrypted stuff coded Base64. I'll be using a public key system in order to make sure the code is coming from me and only from me. The key length I uese is such, that hacking is in vain, I have plenty of time to encode and decode... So I'm completely confident about the security of my code.
Now what I'm afraid of is, that I'll run into security problems on some of those PC's. I most often get granted administrative rights during installation (and for updates too). So I could allow a tunel through the software firewall on every system. But it is not always the case. The customers expect me to do updates. Today I use VPN clients - each running on a virtual machine of it's own - to build up connections to those PC's, log in as admin and update the software. I tell you this is cumbersome and tedious...
At update time useres will usually not have administrative rights.
The systems I install this software on belong to a wide variety of customers, so they are quite heterogenous. Administrators will clean out machines, replace OS and so on... It would definitfely be an advantage, if I do not need to have access to the settigns of the firewall. I know a lot of professional software is able to do such downloads.
All my customers have a security concept with firewalls securing the internet access of the company. Some will prohibit FTP at this level, some not. But all will allow .TXT or .HTML downloads by means of IE.
I somewhere read it is possible to download the files by automating IE. Thus the download will get the rights of IE, and IE is always allowed to download .TXT or .HTML (could put my stuff in HTML too). If I can store either format I'll be able to extract my information later with my .DLL.
1) Does anyone have experience and/or codesamples how my idea with IE could be realized?
2) Any other ideas how I can avoid dealing with the settings of the software firewalls on those machines and download my stuff.
Thanks for your support
I could build a simple FTP downloader into this .DLL. What I download will be text files containing my securely encrypted stuff coded Base64. I'll be using a public key system in order to make sure the code is coming from me and only from me. The key length I uese is such, that hacking is in vain, I have plenty of time to encode and decode... So I'm completely confident about the security of my code.
Now what I'm afraid of is, that I'll run into security problems on some of those PC's. I most often get granted administrative rights during installation (and for updates too). So I could allow a tunel through the software firewall on every system. But it is not always the case. The customers expect me to do updates. Today I use VPN clients - each running on a virtual machine of it's own - to build up connections to those PC's, log in as admin and update the software. I tell you this is cumbersome and tedious...
At update time useres will usually not have administrative rights.
The systems I install this software on belong to a wide variety of customers, so they are quite heterogenous. Administrators will clean out machines, replace OS and so on... It would definitfely be an advantage, if I do not need to have access to the settigns of the firewall. I know a lot of professional software is able to do such downloads.
All my customers have a security concept with firewalls securing the internet access of the company. Some will prohibit FTP at this level, some not. But all will allow .TXT or .HTML downloads by means of IE.
I somewhere read it is possible to download the files by automating IE. Thus the download will get the rights of IE, and IE is always allowed to download .TXT or .HTML (could put my stuff in HTML too). If I can store either format I'll be able to extract my information later with my .DLL.
1) Does anyone have experience and/or codesamples how my idea with IE could be realized?
2) Any other ideas how I can avoid dealing with the settings of the software firewalls on those machines and download my stuff.
Thanks for your support
Comment