HomePowerBuilderAppeon Documentation Center

Security page

The Security page has the following settings:


Option or option group

What you specify

Auth template

Specify the authentication template for PowerServer Web APIs. For more information, refer to Select an authentication template.

Whether to ignore server certificate

Select or input a value or a sum of values, if you want the installable cloud app to ignore certain type(s) of server certificate error when sending a request. For more information, refer to Ignore server certificate errors.

Enable HMAC-based client message authentication

Specify whether to use the HMAC (Hash-based Message Authentication Code) algorithm to safeguard the request data from tampering. (Note: the response data is not authenticated using HMAC.)

When the client sends a request, it generates a unique authentication code based on the request data; the server receives the request and verifies the authentication code to ensure the data has not been altered. This option prevents unauthorized modifications and provides extra protection through encryption and authentication, keeping data secure and unchanged.

Do not select this option if you want to perform load-testing for the application, otherwise you will get this error when replaying the test script: "Session fails to respond (Invalid session)".

Encrypt all the compiled p-code files

Select whether to encrypt the object files when compiled from the PowerBuilder dynamic libraries.

Validate the application integrity before the app runs

Specify whether to validate the hash of every object file before they are loaded, so that files changed illegally will not be run.

Signing

Select whether to digitally sign the application executable file (appname.exe).

For step-by-step instructions, refer to Code Signing > Using PowerBuilder code signing options.

To use the "Use the SignTool utility from the Windows SDK" option:

  1. When Certificate Type is PFX file, specify the SignTool location, certificate path, certificate password, signature algorithm, and URL of the time stamp server.

  2. When Certificate Type is Token-based, specify the SignTool location, certificate thumbprint, signature algorithm, and URL of the time stamp server.

To use the "Use your own signing script" option, you should place the signing scripts in a .cmd file and then select the file under the "Use your own signing script" option. You can take advantage of this option and dynamic parameters to make your script reusable.

Manifest Information

Select whether to generate a manifest file (either external or embedded) and to set the execution level of the application.

For further information, see Attaching or embedding manifest files in PowerBuilder User Guide.


Prev  Up  Next
Application page  Home  Database page