Checksum via FTP???

Roger Eller roger.e.eller at
Sun Sep 11 11:31:08 EDT 2011

On Sun, Sep 11, 2011 at 4:43 AM, Alex Tweedly wrote:

> Roger, the problem is that this doesn't protect you from the biggest
> danger. All this does is download the file again (not desirable if it's a
> large file), and then compare the md5-digest of the two downloaded copies.
> While this does protect you against a temporary glitch in one of the
> downloads, it doesn't do anything about the larger danger - that the file
> has become corrupted on the server. If the file on the server has been
> accidentally over-written, or even worse has been maliciously replaced by
> some virus-containing file, then this check won't save you.
> It really is safer to have the md5-digest stored on the server. Ideally
> (for the truly cautious or paranoid),  you would create the md5-digest
> before uploading the file, and then keep the digests on a different server,
> with a different username/password, so that even if the main account is
> compromised, the digests are still secure.
> -- Alex.
> On 10/09/2011 20:53, Roger Eller wrote:
>>  I am pleased as punch to report that THIS DOES WORK with an FTP path.
>>  ˜Roger
YUK!  It re-downloads the file!  I wondered why it's performance seemed so
sluggish.  This is a real bummer.  You've got me thinking though, so for
protecting the initial md5digest, I might store it in a database rather than
a file.  That could possibly make retrieval of that code more efficient, and
also add a protective layer.  Thanks for that info Alex!


More information about the Use-livecode mailing list