Menu
We produce a content management system. It's a database-based system, used only by businesses and organizations, and never downloadable from the Internet. That is, it's not the kind of software someone might stumble upon and wonder what it is and whether it's safe to run. Over the 20+ years our system is being sold, its executables have never been digitally signed. Is it time for us to start signing them?
For starters, I can think of a few pros and cons:
549
Pro: If using Verisign certificates, Windows Error Reporting can be used
Actually, to use Windows Error Reporting you need Verisign or other code accepted signing certificate, but you need the certificate only to access the WinQual system. The exe itself does not have to be signed at all, the error reporting works absolutely fine on unsigned exes as well.
Con: Signing has some maintenance overhead, how much I don't know. Would love to here from you...
The maintenance overhead highly depends on the quality of your build pipeline. If you build your application manually, then yes, it means a few more steps. However, if you have a build pipeline and your builds are automated, code signing means adding a few lines into the build scripts and storing the private key of the code signing certificate so that the build can access it (if you have a build server, your code signing certificate will most likely need to be stored on it).
Pro: When Vista/7 show one of those annoying UAC messages, signed apps are presented a bit more nicely
As for UAC prompt - does you application really need elevated or admin privileges to run? The best way to avoid this prompt is not to require any elevated privileges at all.
187
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
