We’re writing a console app which is to be installed on clients’ machines. It’s possible we’ll want to update an XML file used by the app. How can I ensure the file is downloaded safely from our servers, e.g. no malicious files instead?
I presume the app would call our API to get the latest version number. If it’s newer than what it has, it would download this XML file from the specified URL. However, doesn’t this make it vulnerable to man-in-the-middle attacks or similar? I want to ensure our app is not responsible for downloading a malicious file (e.g. could be a malicious exe file).
Any help/guidance would be appreciated!
You need to sign the XML file with a private key on your server, then verify it on the client with a public key embedded in your app.
This will only help if you have a secure mechanism to deliver the initial app with its public key (e.g., HTTPS).
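
The sign-then-verify flow from the answer above, as an added example that is not part of the original post. It assumes Ed25519 with a detached signature file and a hypothetical `version` attribute on the XML root, and it goes one step beyond the answer by rejecting replays of older, validly signed files; all function names are illustrative.

```go
package main

import (
	"crypto/ed25519"
	"encoding/xml"
	"errors"
	"fmt"
)

// updateDoc is an assumed layout: the version lives inside the signed bytes.
type updateDoc struct {
	Version int `xml:"version,attr"`
}

// NewSigningKey is run once, offline; the public half is compiled into the app.
func NewSigningKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil selects crypto/rand
}

// SignUpdate runs on the release server and returns a detached signature.
func SignUpdate(priv ed25519.PrivateKey, xmlBytes []byte) []byte {
	return ed25519.Sign(priv, xmlBytes)
}

// VerifyUpdate runs in the client on the exact bytes that were downloaded.
// It returns the signed version only if it is newer than the installed one.
func VerifyUpdate(pinned ed25519.PublicKey, xmlBytes, sig []byte, installed int) (int, error) {
	if len(pinned) != ed25519.PublicKeySize {
		return 0, errors.New("embedded public key has wrong length")
	}
	if !ed25519.Verify(pinned, xmlBytes, sig) {
		return 0, errors.New("signature check failed: discard the download")
	}
	// Parse only after the signature has been accepted.
	var doc updateDoc
	if err := xml.Unmarshal(xmlBytes, &doc); err != nil {
		return 0, fmt.Errorf("signed file is not valid XML: %w", err)
	}
	if doc.Version <= installed {
		return 0, fmt.Errorf("version %d is not newer than installed %d", doc.Version, installed)
	}
	return doc.Version, nil
}

func main() {
	pub, priv, _ := NewSigningKey()
	doc := []byte(`<settings version="7"/>`) // constructed sample
	fmt.Println(VerifyUpdate(pub, doc, SignUpdate(priv, doc), 6))
}
```

The client should write the download to a temporary path and replace the live XML file only after `VerifyUpdate` returns without error.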