Questions about pshell studio compiled exe

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 7 years and 8 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
User avatar
LtMandella
Posts: 61
Last visit: Mon May 07, 2018 4:03 pm

Questions about pshell studio compiled exe

Post by LtMandella »

Product, version and build: powershell studio
32 or 64 bit version of product:64
Operating system:win server 2008 r2
32 or 64 bit OS:64
PowerShell Version:3

I did some searching and couldn't find any details about the compiled .exe file generated by pshell studio.

Is it possible to use a decompiler to recover the source code from the compiled .exe file?

Due to requirements of 3rd party accounting system we don't use integrated security. So we end up using an "application account" (sql server login) user id and pw for connection string to sql server, and custom metadata and logic in our stored procs to control who has access to what data, since we do pass in the windows user name.

If the "application" account pw is in the connection string in the source code, will it be possible to recover the connection string from the .exe compiled by pshell studio?

thanks,
ken
User avatar
davidc
Posts: 5913
Last visit: Mon Jul 08, 2019 8:55 am
Been upvoted: 2 times

Re: Questions about pshell studio compiled exe

Post by davidc »

The following is a blog article discussing security in the package executables:

https://www.sapien.com/blog/2010/01/19/ ... -packages/

It is important to point out that at some point the package engine must submit the script’s text to PowerShell via memory. This can be a point of vulnerability since PowerShell doesn't have a secure method of submitting a script. Note: We have taken some measures to have mitigate this risk, but nothing is 100% secure.

We recommend that you don't include passwords in scripts that are in clear text. You can try other methods, such as securing password in encrypted file or simply prompt for the password when required. You can search the web for these solutions.
David
SAPIEN Technologies, Inc.
User avatar
LtMandella
Posts: 61
Last visit: Mon May 07, 2018 4:03 pm

Re: Questions about pshell studio compiled exe

Post by LtMandella »

thank you for the prompt reply! will check out the blog.
This topic is 7 years and 8 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.