** This feature is still being developed and will be available in the GA version. **
PowerBuilder 2025 R2 enhances runtime security by introducing features that protect against DLL hijacking and allow developers to control how DLLs are located and validated on the client machine.
DLLs refer to PowerBuilder Runtime DLLs and their dependent third-party DLLs.
The following options are added to the Security tab of the native client/server, PowerClient, and PowerServer project painter:
-
Strict mode option
The Strict mode option limits the DLL search scope strictly to the defined paths, preventing unauthorized or unexpected DLLs from being loaded.
-
For PowerClient/PowerServer projects, the developer can specify the path of the third-party DLLs in the Third-party DLL loading scope > Strict mode section, so that the application loads the third-party DLLs from the specified paths only on the client machine.
When Strict mode is disabled (default), make sure the third-party DLLs are placed in proper locations (such as the Windows system directory, the directory where the runtime DLLs are located etc.) on the client machine.
Note
You should input only the path of the third-party DLLs.
The runtime DLLs will be automatically loaded by the application according to the specified runtime version, for example, %localappdata%\PBApps\Applications\Runtime\25.0.0.3599, ignoring paths specified in Strict mode.
-
For native client/server Application projects, the developer can specify the path of the DLLs (runtime DLLs and third-party DLLs) in the DLL loading scope > Strict mode section, so that the application (to be specific, the pcode executable) loads DLLs from the specified paths only on the client machine. If runtime DLLs and third-party DLLs are located in different folders, you should input multiple paths (separated with semicolons).
When Strict mode is disabled (default), make sure the DLLs are placed in proper locations (such as the directory specified in the runtime path in the application XML, the directory where the application executable file is installed etc.) on the client machine.
-
-
Enable DLL signature verification option
When enabled, PowerBuilder verifies the digital signature of DLLs during application startup.
The DLLs being verified must reside in the same directory as pbvm.dll.
These options are also supported in PBAutoBuild, PBC, and ORCA.
-
PBAutoBuild (applicable to native client/server, PowerClient, and PowerServer projects)
"DllLoadOptions": { "StrictMode": true, "AllowedPaths": "F:\\;", "VerifySignature": true } -
PBC (applicable to native client/server projects)
... /sm y /ap "TestAllowedPaths" /sv y
-
ORCA (applicable to native client/server projects)
set exeinfo property strictmode <true|false> set exeinfo property allowedpaths propertyString set exeinfo property dllsignatureverification <true|false>
