ansaurus

Question

Answer 1

+1 A:

I would install them in the same folder (option 1), with the addition to actually MD5 the two dlls when starting my program. To try to verify that they haven't been modified. This does not help a lot when it comes to security cause a hacker might as well modify my MD5 sum I would compare against. But it would at least stop the program from using corrupt dlls. Ofcourse this would also block out the possibility to update the dlls without updating the main application (on good an bad).

UnixShadow 2010-07-09 13:32:34

MD5 is a good suggestion, but this doesn't answer my question, or at least it means you agree with going for (1), am i right?

2010-07-09 13:40:15

+1 for hashing the files!!!

MarkRobinson 2010-07-09 13:49:03

Hashing the files has a disadvantage - if the user wants to install a newer version of the DLLs (for example to fix a security hole / vulnerability), the application will complain or even stop working...

mjustin 2010-07-09 13:55:38

No, don't hash! You WANT your application to work even if your DLLs have become infected with a virus. Educating the user is not your problem. Protecting the user against viruses is not your problem. Unless of course you're writing an AV program.

Cosmin Prund 2010-07-09 18:31:59

Answer 2

+3 A:

You could stick with option 1) :D

Or, you could use a variation on number 2, but extract them to the application data path:

GetSpecialFolderPath(CSIDL_LOCAL_APPDATA))

and use

SetDLLDirectory(DirectoryPath:PWideChar)

to specify where to load dll's from

Of course, to be perfectly honest, it's quicker just to write a simple installer!

Edit: Oh, and yes, as UnixShadow mentioned, hash the dll's so you can be sure that you're using the correct files!

MarkRobinson 2010-07-09 13:48:43

Yes quicker to write but not quicker to deploy (copy a file instead of running an installer). Anyway this is a great answer, thanks for the SetDLLDirectory idea. Moreover if the dlls are in the application data, the need of hashing is reduced, because they are more hidden.

2010-07-09 14:01:46

Installer is quicker to write AND quicker to deploy, especially if you (the author) are not the one installing the application. Click on web-link -> run -> next -> next -> next -> Done. Oppsed to: Click on web-link -> errr... save? -> double click on file -> errr, not working? double click on this other file -> errr, you can't start the application from the zip file??? Oh I need to extract the files from the archive! What's an archive?

Cosmin Prund 2010-07-09 18:22:43

I would also like to mention that on the newer os's, if you download a file from the internet (using internet explorer) it is marked as unsafe and will not open without a prompt box which is VERY annoying, an installer will overcome this!

MarkRobinson 2010-07-19 08:09:38

Answer 3

+2 A:

Depending on the nature of the application, you could consider compiling it with Lazarus.

I know, I know, it is a far stretch, and I don't know sb who has actually done this with openssl, so it is probably too much work. Still I wanted to make a note of this theoretical solution.

This because FPC/Lazarus is mingw compatible, and can use the same (GNU linker), you could try to link mingw libs (.a's) statically.

Some people in the past have experimented with it, and I have heard people succeed in this with mysql, but unfortunately they didn't give details.

So I have no conclusive proof that it worked, which makes it a bit academical.

Marco van de Voort 2010-07-09 14:16:26

Thanks for the academical answer. I have notime to try Lazarus, anyway the features you describe sound very interesting. By the way for the nature of the application i am writing it would be better to compile it with lazarus, because it is a server application, and being able to run it on linux would be great. Anyway it is a dream for the future.

2010-07-09 15:11:58

Answer 4

+3 A:

Option 3: use Inno to install it! You may have a good reason for not wanting to use an installer, but in case your reason is you think it's too expensive (in time or money), you might check out Inno. I started using it earlier this year and was amazed at how easy it is to learn and use. And, it's free!

Of course the side benefit of learning Inno is that you'd have it available in the future for other projects...

Robert Frank 2010-07-09 15:12:30

+1Once you start getting into manually copying multiple files for installation, its better to start looking at an installer. Inno is very straight forward and quick to learn, especially for something simple like this.

GrandmasterB 2010-07-09 18:08:19

Yes I did use Inno in the past and I plan to use it again for my main application, but what I am trying to install now it is just a tool, an exe + 2 dlls. Anyway I could write an Inno installer too, good suggestion.

2010-07-12 07:48:11

ansaurus

tags:

views:

answers:

Suggestions for deploying openSSL dlls

related questions