Should your Microsoft Publisher ID be private?

At Microsoft Dev Center you can find your Publisher ID ...

a string that uniquely identifies your Windows Store developer account in your packages. The publisher ID is assigned by Microsoft and you cannot change it.

It will probably appear in many open source repositories for Windows 8 because it is specified in the identity element of the Package.appxmanifest element, which is required to create your project.

Searching extension:appxmanifest on GitHub shows almost 5,000 files with this information, since appxmanifest is not included in gitignore by default.

Here's the GitHub help page on Removing Sensitive Data, but I wonder if there is a reason to worry about this in the first place.

Q: Is there a security reason why this should be kept confidential?

+6
3 answers

Q: Is there a security reason why this should remain closed?

I will not say that this is due to a 100% security reason, but there are other factors. This Publisher ID, which you obtained from your developer account in the Vault, will help you create a certificate with the publisher ID of your choice. You can also create a password.

Publisher ID helps you sign an application package

If you either create a package for the Windows Store or associate an application with it, the Publisher attribute is set to the publisher ID that was received from your developer account in the Store when you logged in at the time the package was created.

So, this is your publisher ID that actually identifies you. So it's better to keep it safe (it is very similar to how you would not want to provide your bank account information to anyone other than the bank ;))

So, if your publisher ID is not secure or public, you may lose this choice.

Tick Create or use an alternate certificate

+4

Under normal circumstances, there is almost no reason to keep your Microsoft Publisher ID private. (I would not be surprised if there was some unique extreme case where you would like to keep it secret. Someone else would have to help me.)

Your publisher ID is distributed every time someone downloads your application from the Windows Store. You can view it for any application by manually opening its AppxManifest.xml, or you can use PowerShell:

(Get-AppxPackage -Name "*_APPNAME_*" | Get-AppxPackageManifest).Package.Identity.Publisher

For example, (Get-AppxPackage -Name "*netflix*" | Get-AppxPackageManifest).Package.Identity.Publisher returns CN=52120C15-ACFA-47FC-A7E3-4974DBA79445, and running the command on the application that I published on the Windows Store gives me my personal publisher ID.

+4
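The answer above reads the Publisher from an installed package; the same value can be read from the manifests in a source checkout. The following is an added example, not code from the question or any answer: it parses each Package.appxmanifest or AppxManifest.xml under a directory and reports the Identity Publisher. The sample manifest, the function names and the CN=<GUID> pattern (inferred from the value quoted above) are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample manifest; the name and the publisher GUID are made up.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest">
  <Identity Name="Contoso.SampleApp"
            Publisher="CN=00000000-1111-2222-3333-444444444444"
            Version="1.0.0.0" />
</Package>
"""

# Assumption: a Store-assigned publisher has the CN=<GUID> shape quoted above.
STORE_ID = re.compile(r"CN=[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")


def read_identity(manifest_xml):
    """Return the <Identity> attributes as a dict, or None if there is none."""
    root = ET.fromstring(manifest_xml)
    for elem in root.iter():
        # Match on the local name so any manifest schema namespace is accepted.
        if elem.tag.rsplit("}", 1)[-1] == "Identity":
            return dict(elem.attrib)
    return None


def scan_repo(root_dir):
    """Return (relative path, publisher, looks_store_assigned) per manifest."""
    findings = []
    for path in sorted(Path(root_dir).rglob("*")):
        name = path.name.lower()
        if not (name.endswith(".appxmanifest") or name == "appxmanifest.xml"):
            continue
        if not path.is_file():
            continue
        try:
            identity = read_identity(path.read_bytes())
        except ET.ParseError:
            identity = None  # malformed XML: report the file with no publisher
        publisher = (identity or {}).get("Publisher")
        store = bool(publisher and STORE_ID.fullmatch(publisher))
        findings.append((str(path.relative_to(root_dir)), publisher, store))
    return findings


if __name__ == "__main__":
    for rel, publisher, store in scan_repo("."):
        print(f"{rel}: Publisher={publisher!r} store_assigned={store}")
```

Run from the root of a checkout, it lists every manifest together with the publisher string a reader of the repository would see.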

Kunal Chowdhury, a Microsoft MVP, has his blog post. I suspect that if an MVP does this conveniently, then it is probably safe.

http://www.kunal-chowdhury.com/2011/12/what-is-packageappxmanifest-file-in.html

Madhye, think about contacting and asking Mr. Chowdhury. I am sure that he can give you good advice in this area.

+1

Source: https://habr.com/ru/post/953672/

