Security page

The Security page has the following settings:


Option or option group

What you specify

Encrypt all the compiled p-code files

Select whether to encrypt the object files when compiled from the PowerBuilder dynamic libraries.

Validate the application integrity before the app runs

Specify whether to validate the hash of every object file before it is loaded, so that files changed without authorization will not be run.

Auth Template

Specify the authentication template for PowerServer Web APIs. For more information, refer to Select an authentication template.

Signing

Select whether to digitally sign the application executable file (appname.exe).

You can sign the file using a PFX file or a token. To sign with an HSM (Hardware Security Module), you can only use the "Use your own signing script" option.

To use the "Use the SignTool utility from the Windows SDK" option to sign the application executable file:

  1. When Certificate Type is PFX file, specify the SignTool location, certificate path, certificate password, signature algorithm, and URL of the time stamp server. Make sure Microsoft’s SignTool is installed on the current machine.

  2. When Certificate Type is Token-based, specify the SignTool location, certificate thumbprint, signature algorithm, and URL of the time stamp server.

    The certificate thumbprint is the unique identifier of a certificate. You are required to specify the certificate thumbprint only if you have multiple certificates. If there is only one certificate, you may leave the field empty.


To use the "Use your own signing script" option, place the signing commands in a file with the .cmd extension and then select that file under the "Use your own signing script" option. To sign with an HSM (Hardware Security Module), you can only use the "Use your own signing script" option.

Using a PFX file as an example:

  • To sign the application executable file (appname.exe) without dynamic parameters, create a .cmd file that contains the following command (using Microsoft’s SignTool as an example):

    signtool.exe sign /f mycert.pfx /p password /d "My application" /du http://www.mytest.com /fd sha256 /tr "http://timestamp.digicert.com" /td sha256 salesdemo_cloud.exe

    Then, in the "Use your own signing script" field, enter the file path of the .cmd file, for example:

    D:\test\test.cmd

  • To sign the application executable file (appname.exe) with dynamic parameters, create a .cmd file that contains the following command:

    %4 sign /f %5 /p %2 /d "My application" /du test /fd sha256 /tr %3 /td sha256 %1

    Then, in the "Use your own signing script" field, enter the file path of the .cmd file followed by the parameter values (using Microsoft’s SignCode for example):

    "D:\test\test_param.cmd" "salesdemo_cloud.exe" "password" "http://timestamp.digicert.com" "D:\test\signcode.exe" "D:\test\mycert.pfx"

    In the above example, the parameters are passed as follows:

    Parameter 1: Application executable file name, for example, "salesdemo_cloud.exe" (%1)

    Parameter 2: Certificate password (%2)

    Parameter 3: URL of the timestamp server (%3)

    Parameter 4: Path to the code signing tool (%4)

    Parameter 5: Path to the digital certificate (%5)
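
A variant of the dynamic-parameter PFX script that checks its inputs, signs, and then verifies the result so that a failed or untimestamped signature stops the build. This is an added example, not vendor-supplied code; the file name sign_verify.cmd is hypothetical, and it assumes absolute paths and that the tool passed as %4 accepts SignTool's "sign" and "verify" verbs.

```batch
@echo off
setlocal
rem Added example, not vendor code. Hypothetical file name: D:\test\sign_verify.cmd
rem Parameter order matches the PFX example above:
rem   %1 executable  %2 PFX password  %3 timestamp URL  %4 signing tool  %5 PFX file
rem Assumption: the tool in %4 accepts SignTool's "sign" and "verify" verbs.

if "%~5"=="" (
  echo usage: %~nx0 exe password timestamp-url signing-tool pfx 1>&2
  exit /b 2
)

rem %~N strips the quotes supplied by the caller so each value can be re-quoted once.
set "EXE=%~1"
set "TSA=%~3"
set "TOOL=%~4"
set "PFX=%~5"

rem Fail early on a wrong path instead of leaving an unsigned file in the build.
for %%F in ("%EXE%" "%TOOL%" "%PFX%") do (
  if not exist "%%~F" (
    echo not found: %%~F 1>&2
    exit /b 3
  )
)

rem The password is used only here; it is never echoed or copied into a variable.
"%TOOL%" sign /f "%PFX%" /p "%~2" /fd sha256 /tr "%TSA%" /td sha256 "%EXE%"
if errorlevel 1 (
  echo signing failed for %EXE% 1>&2
  exit /b 1
)

rem /pa applies the default Authenticode policy; /tw warns when no timestamp is present.
rem SignTool exits with 2 on warnings, so "errorlevel 1" also rejects untimestamped files.
"%TOOL%" verify /pa /tw "%EXE%"
if errorlevel 1 (
  echo signature verification failed for %EXE% 1>&2
  exit /b 1
)

echo signed and verified: %EXE%
exit /b 0
```

It is called with the same five quoted values as test_param.cmd above. The verify step fails when the certificate does not chain to a root trusted on the build machine, which is expected for self-signed test certificates.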

Using a token as an example:

  • To sign the application executable file (appname.exe) without dynamic parameters, create a .cmd file that contains the following command (using Microsoft’s SignCode for example):

    signcode.exe sign /fd SHA256 /a /sha1 "13731a37233bbd83eeb13e95c7898d1d76a2256c" /tr http://timestamp.digicert.com "salesdemo_cloud.exe"

    Then, in the "Use your own signing script" field, enter the file path of the .cmd file, for example:

    D:\test\test_token.cmd

  • To sign the application executable file (appname.exe) with dynamic parameters, create a .cmd file that contains the following command:

    %1 sign /a /fd sha256 /sha1 %2 /tr %3 /td sha256 %4

    Then, in the "Use your own signing script" field, enter the file path of the .cmd file followed by the parameter values (using Microsoft’s SignCode for example):

    "D:\test\test_token_param.cmd" "D:\test\signcode.exe" "13731a37233bbd83eeb13e95c7898d1d76a2256c" "http://timestamp.digicert.com" "salesdemo_cloud.exe"

    In the above example, the parameters are passed as follows:

    Parameter 1: Path to the code signing tool (%1)

    Parameter 2: Certificate thumbprint (%2). You are required to specify the certificate thumbprint only if you have multiple certificates.

    Parameter 3: URL of the timestamp server (%3)

    Parameter 4: Application executable file name (%4)

To avoid repeatedly entering the UKey password (for instance, after the screen is locked or the system is restarted), you can use the "Use your own signing script" option and specify the token password in the signing commands, for example:

"D:\test_newsign\signcode.exe" sign /fd SHA256 /a /sha1 "13731a37233bbd83eeb13e95c7898d1d76a2256c" /tr http://timestamp.digicert.com /td SHA256 -f "D:\test_newsign\cersign.cer" /csp "eToken Base Cryptographic Provider" /K "[{{appeon0418}}]=p11#f408f337487afa2d" "echarts_cloud.exe"

  • -f: Specifies the code signing certificate file

  • /csp: Specifies the cryptographic service provider (CSP) that contains the private key container

  • /K: Specifies the token password and private key container name in this format: "[{{TokenPasswordHere}}]=KeyContainerNameHere"

Note:

1) When writing scripts in the .cmd file, please follow the rules of Windows commands. If there are any exceptions or errors in the logs after configuring the "Use your own signing script" option, try running the scripts in the Windows Command Prompt or Windows PowerShell to identify the issue.

2) For .cmd files without dynamic parameters, both the directory name and the .cmd file name can contain spaces. However, for .cmd files with dynamic parameters, the directory path should not contain spaces, while the .cmd file name itself can contain spaces.

3) When entering the file path of the .cmd file in the "Use your own signing script" text box, follow the standard rules for accessing file paths in Windows. If the file name or path contains spaces, use double quotes to avoid escape errors. It is recommended to use absolute paths for the .cmd file and the parameters.

After the executable file is generated and before it is deployed to the server, PowerBuilder will sign the executable file using your own signing scripts or using the SignTool settings you specified.

Make sure the PowerBuilder user has the appropriate rights to access the time stamp server and sign files.

Manifest Information

Select whether to generate a manifest file (either external or embedded) and to set the execution level of the application.

For further information, see Attaching or embedding manifest files in the PowerBuilder User Guide.