News:

SMF - Just Installed

Main Menu

Signing the application and installer

Started by doublehighc, November 25, 2007, 11:11:53 AM

Previous topic - Next topic

doublehighc

When doing an import with SuperManager Lite and QuickBooks 2008, the "Application with No Certificate" dialog pops up with a long list of reasons why you should be wary about letting unsigned applications work with QuickBooks. They are correct about this, so I am going to set QuickBooks to prompt each time for security.

One of the first things I noticed about downloading SuperManager Lite was that the installer was unsigned. This did not make a good first impression for an application that we are trusting with sensitive financial information.

Could you please update SuperManager Lite so that the application and installer are signed? Code signing cerfiticates are pretty inexpensive these days from companies like Comodo. If SuperManager were signed, I could then be comfortable letting it access QuickBooks without requiring a prompt each time.

Thank you for your consideration of this request!

David Johns

doublehighc,

We'll look into this.  I have to say honestly, however, that your request caught me by surprise, since this is the first time in our three and a half years of business that anyone has ever expressed concern over this.  I agree it could add some credibility to have this, but feel free to use all the http sniffers you want and you will find the only thing that ever gets sent from SuperManager is when you check for updates SuperManager sends a SuperWare server your current version and your license key for checking against our user database.  Other than that operating SuperManager is just the same as if you were interacting with your Yahoo store manager in internet explorer.

Like I said, however, I'll look into code signing and report back if/when we are able to incorporate it.

Thanks,
David
SuperManager Support
info@thesupermanager.com

doublehighc

Hi David,

The big benefit of code signing - no matter how big or small your company, no matter how good your reputation - is the protection it offers against hacking / phishing for malicious updates/installs from third parties pretending to be SuperWare. It's not absolute protection, of course, but it's good value for the price.

Thanks,
Michael

doublehighc

Is there any progress on this, especially regarding the application? The Lite application is still unsigned as of 1.2.7.0.

It seems a simple thing to do and adds a lot of security to the accounting application. It's getting old giving QuickBooks permission each day when I run SuperManager, but I'm not going to risk someone sending out another program claiming to be SuperManager and getting at our accounting data! Again, it's not a matter of SuperWare's reputation - it's a matter of protecting against malicious people claiming to be SuperWare in the future.

Thanks,
Michael

David Johns

Michael,

As of version 1.4.7.2 both SuperManager and its installer are authenticode signed.

Thanks,
David
SuperManager Support
info@thesupermanager.com