Checksum via FTP???
Roger Eller
roger.e.eller at sealedair.com
Sun Sep 11 11:31:08 EDT 2011
On Sun, Sep 11, 2011 at 4:43 AM, Alex Tweedly wrote:
>
> Roger, the problem is that this doesn't protect you from the biggest
> danger. All this does is download the file again (not desirable if it's a
> large file), and then compare the md5-digest of the two downloaded copies.
>
> While this does protect you against a temporary glitch in one of the
> downloads, it doesn't do anything about the larger danger - that the file
> has become corrupted on the server. If the file on the server has been
> accidentally over-written, or even worse has been maliciously replaced by
> some virus-containing file, then this check won't save you.
>
> It really is safer to have the md5-digest stored on the server. Ideally
> (for the truly cautious or paranoid), you would create the md5-digest
> before uploading the file, and then keep the digests on a different server,
> with a different username/password, so that even if the main account is
> compromised, the digests are still secure.
>
> -- Alex.
>
>
> On 10/09/2011 20:53, Roger Eller wrote:
>
>>
>> I am pleased as punch to report that THIS DOES WORK with an FTP path.
>>
>> ˜Roger
>>
>
YUK! It re-downloads the file! I wondered why it's performance seemed so
sluggish. This is a real bummer. You've got me thinking though, so for
protecting the initial md5digest, I might store it in a database rather than
a file. That could possibly make retrieval of that code more efficient, and
also add a protective layer. Thanks for that info Alex!
˜Roger
More information about the use-livecode
mailing list