ambassador at fourthworld.com
Wed Apr 23 02:38:08 CEST 2014
I see a lot of sites that offer files to download also including an MD5
value or other checksum, ostensibly so we can verify the integrity of
the package before running it.
Sounds good, but if a hacker has sufficient control of a server to
replace the package, would he not also be able to update the checksums
displayed there to reflect those in his modified package?
I like the idea of providing checksums, but I'm having a hard time
seeing the practical benefit.
What am I missing?
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys
More information about the use-livecode