Checksum via FTP???

Roger Eller roger.e.eller at sealedair.com
Sun Sep 11 10:31:08 CDT 2011


On Sun, Sep 11, 2011 at 4:43 AM, Alex Tweedly wrote:

>
> Roger, the problem is that this doesn't protect you from the biggest
> danger. All this does is download the file again (not desirable if it's a
> large file), and then compare the md5-digest of the two downloaded copies.
>
> While this does protect you against a temporary glitch in one of the
> downloads, it doesn't do anything about the larger danger - that the file
> has become corrupted on the server. If the file on the server has been
> accidentally over-written, or even worse has been maliciously replaced by
> some virus-containing file, then this check won't save you.
>
> It really is safer to have the md5-digest stored on the server. Ideally
> (for the truly cautious or paranoid),  you would create the md5-digest
> before uploading the file, and then keep the digests on a different server,
> with a different username/password, so that even if the main account is
> compromised, the digests are still secure.
>
> -- Alex.
>
>
> On 10/09/2011 20:53, Roger Eller wrote:
>
>>
>>  I am pleased as punch to report that THIS DOES WORK with an FTP path.
>>
>>  ˜Roger
>>
>
YUK!  It re-downloads the file!  I wondered why it's performance seemed so
sluggish.  This is a real bummer.  You've got me thinking though, so for
protecting the initial md5digest, I might store it in a database rather than
a file.  That could possibly make retrieval of that code more efficient, and
also add a protective layer.  Thanks for that info Alex!

˜Roger


More information about the use-livecode mailing list