ActiveX control versioning and signing
https://stackoverflow.com/questions/7980190
-
19-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
I made an ActiveX control packaged as cab and put it in my web server. The cab was digitally signed with a dummy signature. On the client machine, in "C:\Windows\Downloaded Program Files" I could find the dll and osd files that were extracted from the cab. Now I bought a real certificate and signed the cab on the server with it. When I logged in as a client, after setting some secutity settings, I expected to see a prompt for downloading an ActiveX control with my name as publisher. That didn't happen. Then I went to "C:\Windows\Downloaded Program Files", deleted the dll and osd file that were extracted from the cab, logged in as client again and then I did see what I was expecting to see: a prompt for downloading an ActiveX control with my name as publisher. My question is: why couldn't I see the signature in the first login? sure, the dll and osd files were already there, and the dll had the same version, but doesn't the fact that the cab was signed with a new signature and timestamped mean anything? and another question - if the dll inside the cab had a newer version number than the one in "C:\Windows\Downloaded Program Files", would it then be overwritten?
Solución
Obviously, the version number is being detected to decide whether to redownload the control. If the version number of CAB is newer than that of the local copy, it will overwrite the one in "C:\Windows\Downloaded Program Files".
