[Gambas-user] Security, how to check if a library is genuine?
Christof Thalhofer
chrisml at deganius.de
Thu Aug 19 14:36:16 CEST 2021
Am 19.08.21 um 08:28 schrieb bb:
> I am working on a non-intrusive authorisation method to see if a user
> is allowed to run an application. In order to do so they must belong to
> a specific hardcoded group.
> It is (currently) implemented as a library. So the actual library
> "could" be replaced by a user with another library that just returns
> true.
>
> So, does anyone have a good idea how the application could check
> whether "authlib" is the genuine library?
For sure by cryprographically signing the lib's binary. But then you
need a CA with which you can issue certificates that can be used to
verify the signature.
Alles Gute
Christof Thalhofer
--
Dies ist keine Signatur
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.gambas-basic.org/pipermail/user/attachments/20210819/62b963b5/attachment.sig>
More information about the User
mailing list