When I execute a Xojo stand alone, I get:
How can I remove that image ?
It basically says that the application editor is unknow
and ask if you really want to execute that application.
Because I am the creator, I click in Exécuter (open), but an average user will not.
[quote=114498:@Emile Schwarz]When I execute a Xojo stand alone, I get:
How can I remove that image ?
It basically says that the application editor is unknow
and ask if you really want to execute that application.
Because I am the creator, I click in Exécuter (open), but an average user will not.[/quote]
You need to digitally sign your executable.
Thank you Michel.
Why Xojo does not do it for us (or something like that) ?
The ISP (for Free WiFi at McDonalds France) filter that address (or it is broken) !
A search with google allow me to think that it is a paying option.
Double peine ?
One have to pay for Xojo, pay for CodeSign, Pay for PlugIns, Pay for lessons (how to use whtever you want to do), pay after my death, pay, pay, pay !
BTW: Here is a free hello !
Worst, I found (Google) a sentence that says: “Download the FREE kSign code signing software”, and so I click in that link, get the page, but a search in that page does not found the string.
I found it in a meta when I open the page html code.
Hi Emile,
It’s:
http://codesigning.ksoftware.net/
You still however have to pay for the secure certificate, which is $95 a year. It’s the signing software that is free.
Xojo can’t help us here as the point of the certificate is to prove who is the developer of the software and it’s not been tampered with. If Xojo signed them it wouldn’t prove anything other than Xojo signed the app. If they did, we could develop malware and have it signed by Xojo and people couldn’t trace it back to us. It’s basically like the Apple third party developer certificate that you can sign up for. That allows you to sign your apps and they will then pass Gatekeeper validation. It also means Apple can trace back the app to whoever the developer certificate is assigned to.
Theoretically we could still buy a certificate and sign malware, but most malware writers won’t bother going to the expense. Also, as the certificate ties that software to you, you’d be a bit silly to write malware and put your own name on it!
Thank you Richard.
We have entered in a brand new area wih all these “secure” things vs the previous way of writing software.
Of course, using someone else signing ID have to be avoided.
Note that I was a bit angry when i was asking another $100 to provide free software !
(yes, $95)
The only time I have ever seen this kind of message was when a virus had claimed ownership of files with the EXE extension.
Im currently selling unsigned EXEs happily on a daily basis, and haven’t had one report of this issue from my customers.
It doesn’t look like code signing is the issue to my layman’s eye.
Do other exes on the same machine have this problem?
I once bought a certificate. You need a file for Windows in pfx file format. Than you can use the sign tool from Windows:
signtool sign /f W:\path\certfiicatefile.pfx /p “password” /t “http://timestamp.globalsign.com/scripts/timestamp.dll” “c:\test.exe”
[quote=114525:@Emile Schwarz]Thank you Richard.
We have entered in a brand new area wih all these “secure” things vs the previous way of writing software.
Of course, using someone else signing ID have to be avoided.
Note that I was a bit angry when i was asking another $100 to provide free software !
(yes, $95)
[/quote]
Microsoft started requiring digitally signed software quite a while ago, XP if I remember right, but nobody cared because the warning message was not evident. Today Windows 8 refuses outright to open the file, unless you click on “more”, and “run anyway”. Incidentally, Apple does too with GateKeeper.
This is intended to protect developers and users from unauthorized patches.
If your app is free, you could probably distribute it without signing it, and make sure you put a documentation to tell users what to do.