I have created a desktop application (stand-alone application, Windows). I use Install Shield Express to create a setup.exe file so potential buyers can download from my web page. Testing it out on a separate PC with Norton Security install, the setup.exe file is declared a security risk and is deleted. Norton Security is also installed on the PC where the Desktop application is developed.
I ran FlexNet Code Aware on the Desktop application (developer PC) and several issues came up. It appears 4D is using OpenSSL v0.9.8 several places in this compiled version and OpenSSL v1.0.2k. OpenSSL v0.9.8r has security issues considered high risk. There is a security issue with OpenSSL v1.0.2k as well, but a lover risk. Latest version is 1.1.x 4D also appear to be using jQuery v1.6.1. This version is open for cross-site scripting and the version is deprecated. Latest version is v3.x If FlexNet Code Aware is correct I think it would be appropriate for 4D to update these element, so that potential buyer of a Desktop application is not scared away. Regards Carl Aage Wangel ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
