Monday, 15 July 2013

c# - securing a clickonce update location -


I have an app that publishes and updates from a HTTP update location (I published on the host's FTP site And update from website).

The published HTML page is very easy because I can install the app anywhere on any machine, anywhere without media. The problem is, so can someone else save me the update location so that only authorized users can install the click-ins's auto-update feature without any apps?

Is this an internal application? If so, you can exclude publ.htm page from your deployment. You will then simply use the application manifest link to install, which should stop installing, it will not affect automatic updates. It may be sufficient ambiguity for your purposes.

Do not forget that you can dynamically reveal applications by using a little bit of asp.net which will only appear for your intended users. The other advantage of this is that you can isolate a small group of users while rolling out the new version.

Just one thought.


No comments:

Post a Comment