View Full Version : Build Script password protection
SHatfield
06-05-2006, 11:56 AM
I have a "Sign Code" build step for signing our compiled setup.exe with our Verisign certificate, and I noticed that it is in clear text in the build script. Anyone with access to the build script can see what our cert password is. This isn't a terrible thing, but I would like for VBP to encrypt the password into the build script so that we don't have to worry about this anymore.
Thanks,
Steven Hatfield
MassMutual Corporation
kinook
06-05-2006, 01:32 PM
If you store your signing certificate in the Windows certificate store, you don't need specify a password on the Sign Code action [1].
Another option would be to store the password in a global macro instead of the .bld file, and reference that macro from the password field. Then only someone with access to the machine where the global macro has been added will have access to the password. You could also store it there encrypted, but VBP won't currently do that for you.
We do intend to provide encryption capabilities in a future release (most likely a level with hard-coded key and another requiring the user to provide a password to unencrypt/open/build; since unless VBP prompts for a password to unencrypt the .bld file, any encrypting that it does will just amount to security through obscurity [2]). But even this doesn't really eliminate the problem, since *that* password still has to be stored and provided in order to build in an automated fashion.
[1] http://www.kinook.com/blog/?p=10
[2] http://en.wikipedia.org/wiki/Security_through_obscurity
Admin note: Implemented in v7
vBulletin® v3.8.11, Copyright ©2000-2024, vBulletin Solutions Inc.