[Gambas-user] Security, how to check if a library is genuine?

Christof Thalhofer chrisml at deganius.de
Thu Aug 19 14:36:16 CEST 2021

Am 19.08.21 um 08:28 schrieb bb:

> I am working on a non-intrusive authorisation method to see if a user
> is allowed to run an application. In order to do so they must belong to
> a specific hardcoded group.
> It is (currently) implemented as a library. So the actual library
> "could" be replaced by a user with another library that just returns
> true.
> So, does anyone have a good idea how the application could check
> whether "authlib" is the genuine library?

For sure by cryprographically signing the lib's binary. But then you 
need a CA with which you can issue certificates that can be used to 
verify the signature.

Alles Gute

Christof Thalhofer

Dies ist keine Signatur

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.gambas-basic.org/pipermail/user/attachments/20210819/62b963b5/attachment.sig>

More information about the User mailing list