Aug 12, 2009
10:14 AM
PCI compliant file size verification
I am in the middle of my PCI-DSS audit and the QSA is asking how I verify that the binaries have not been modified in my installer package. We build the installation package and post to our web site. The customer downloads and installs. PCI is looking for a check the customer can do to verify the file has not been manipulated and malware added. We can use an MD5 tool on our end to create a hash and they can run the same tool on the installation package, but this is too much work for everyone. Does InstallShield have a way to check for mods to the installer package at run time?
(1) Reply
Aug 12, 2009
11:32 AM
This (the verification; I'm unsure about the specific audits) is often done with digital signatures, and works most simply when you build a compressed setup, as only the outermost file's (your.msi or setup.exe) signature must be verified. Generally when a file is downloaded with IE, it gets marked to present and have the user verify this information, as well. Of course this is even more obvious on Vista and later with UAC prompts.
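
The signature check described in the reply can also be scripted on the customer's side, so the result does not depend on someone reading a download or UAC prompt. This is an added example, not part of the original thread or of InstallShield; the function name `Test-InstallerSignature`, the file path, the publisher name and the thumbprint parameter are placeholders.

```powershell
# Added example: verify a downloaded installer's Authenticode signature before running it.
# The publisher name, thumbprint and file path are placeholders, not values from this thread.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,  # certificate subject name you expect
        [string] $ExpectedThumbprint                         # optional: pin one signing certificate
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Status is 'Valid' only if the file hash matches the signature and the
    # certificate chains to a trusted root; 'HashMismatch' means the file changed
    # after signing, 'NotSigned' means there is no signature at all.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $reasons = @()
    if ($sig.Status -ne 'Valid') {
        $reasons += "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }

    # A valid signature from someone else proves nothing, so check who signed it.
    $signer = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        if ($signer -ne $ExpectedPublisher) {
            $reasons += "Signed by '$signer', expected '$ExpectedPublisher'"
        }
        if ($ExpectedThumbprint -and
            $sig.SignerCertificate.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '')) {
            $reasons += 'Signing certificate thumbprint does not match the pinned value'
        }
    }

    [pscustomobject]@{
        Path        = $Path
        Trusted     = ($reasons.Count -eq 0)
        Signer      = $signer
        Timestamped = [bool]$sig.TimeStamperCertificate
        Reasons     = $reasons
    }
}

# Usage (placeholder values):
# Test-InstallerSignature -Path .\setup.exe -ExpectedPublisher 'Example Software Inc.'
```

For a compressed setup this only needs to be run against the outermost file, as the reply notes; `Trusted` is false when the file is unsigned, was altered after signing, or was signed by a different publisher.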