>>>Happy New Year! And does anybody have experience confirming that
>
>>>a) The running VFP exe's digital signature is valid, and
>>>b) That it is signed by us, or a named signatory.
>
>>I have no answer about signatures, but I wonder if you could achieve something similar using hashes/digests of EXE, DLL or other files.
>
>Will give it a try, thanks. VFPC++ compiler already checks to make sure the app dll version matches the exe, so perhaps it's possible also to do a checksum- though it's not possible to save the resulting checksum into the app without altering it(!) I'm thinking that the digital signature is there for this exact purpose, so it's a shame it's made so difficult to check it...
If you use a loader approach, you could compute an SHA-style hash of the main EXE and compare that to the results of a query to a website you control i.e. what the value should be.
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up