AutoHotKey at Work - Trying to get my script past Dev team

[magicinmath]

Hey everyone,

I've been working on an app for the agents at my contact center to write notes for their calls. The idea took off and was met with some praise among the workforce and operations teams.

Over the next few days I'm going to be interviewed by a leader in the Development team who would decide if this is something that can be placed on the agent VDI.

The script does not have anything network related and is more or less just an intermediate example of arrays and loops with a GUI. The app is practical, efficient, easy to maintain and is guaranteed to save x amount of time per call. With that being said, having personal identities and credit card information routinely absorbed on our servers, I'm concerned that AHK security will be the primary topic of discussion and I don't know the first thing about security really. It's likely going to be someone who knows a lot more about programming, systems, security and possibly even knows of AHK and may just think its a toy language to cheat at video games.

Does AHK have any reputation issues I should know about?

Is there anything worry some about Ahk2Exe for AutoHotkey v1.1.25.01?

Please give me some (any) insight, something that will make them feel confident that my compiled AHK script is safe to use on an international server that hosts sensitive data.

Anything I can use to sell this idea would be greatly appreciated, kinda desperate because I want the prestige that follows

Thank you and sorry for the long story, I know this isn't the general format for the Ask for Help forum.

[Delta Pythagorean]

Does AHK have any reputation issues I should know about?

Not that you should worry about, AHK has been a solid language to use for years.

Is there anything worry some about Ahk2Exe for AutoHotkey v1.1.25.01?

I'd suggest to update AHK since the current version (As of today) is 1.1.26.01,

Please give me some (any) insight, something that will make them feel confident that my compiled AHK script is safe to use on an international server that hosts sensitive data.

AHK is completely safe to use. The programmer however might make a mistake and cause problems. Just remember this quote: "It's always the user, not the computer."

Hope this helps!

[MrBubbles]

I've faced similar concerns in the past with some folks who are not familiar with AutoHotkey. One of the ways I've resolved some concerns is by only distributing my scripts as EXEs, signed with my corporate security certificate which is trusted by our Domain Certificate Authority. Additionally, I post the source code for all of my scripts to our internal GitHub Server as a Public Repo and ensure that all of my scripts are thoroughly commented.

Signing the EXE ensures that my scripts have not been modified by a third party and are trusted automatically by systems on our domain. If someone extracts the script from my EXE and modifies it, the signature will no longer be valid. They will then need to sign it with their own certificate making them responsible for whatever the version of the script containing that modification. Essentially - you sign it, you own it.

Keeping the source on our Github Server as a public repo and commenting it thoroughly means that anyone can look at what the script does at any time and the commenting is thorough enough that they don't even need to know anything about AutoHotkey - they can just read the comments.

Best advice I can offer is to be as transparent as possible and when someone questions what your script is doing or why it uses a particular set of logic - assume their intent is good. Some folks will call AutoHotkey a "hacking" language. I always challenge those people to give me a single language that has never been used for malicious purposes. No one has even been able to. The best way I've been able to describe AutoHotkey to others not familiar with it is as a scripting language for the Win32 API. For some reason, when I explain it that way everyone seems to become very comfortable.

Good luck and if you run into issues or questions with your IT partners that you can't answer, feel free to post them here. The community is really good about it and full of super smart folks.

[tank]

Weh heh hell. So, I got started with AutoHotkey while working for Bank of America Merchant Services, in a call center. At first doing simple data lookups and logging notes for associates. I know first hand your pain. 2 things. Saving AHT is pretty much the only financial argument to be had. Your execs are already in steamroller mode. The second point, is to remind IT that nothing is being stored and that only activity performed by humans is being emulated by the scripts. The next argument is going to come with managing code and preventing rogue scripts. We handled this by forcing a download of the scripts every day and deleting them on close. the scripts were hosted on an internal server managed by IT and I owned the scripts stored there. No, you cant prevent someone from writing rogue code but that problem exists today as every windows device has cscript and wscript as part of the OS supporting non-web based VB and ECMA scripts. Stress that AHK is no more dangerous than Excel and VBA also already on every desktop.