file checksums
Dar Scott
dsc at swcp.com
Tue Apr 22 21:00:07 EDT 2014
I’ve wondered the same.
My guess is that the web page with the MD5 is not on the same server as the file. But, I have never checked. I suppose the same password might be used for access to both.
Dar
On Apr 22, 2014, at 6:38 PM, Richard Gaskin <ambassador at fourthworld.com> wrote:
> I see a lot of sites that offer files to download also including an MD5 value or other checksum, ostensibly so we can verify the integrity of the package before running it.
>
> Sounds good, but if a hacker has sufficient control of a server to replace the package, would he not also be able to update the checksums displayed there to reflect those in his modified package?
>
> I like the idea of providing checksums, but I'm having a hard time seeing the practical benefit.
>
> What am I missing?
>
> --
> Richard Gaskin
> Fourth World
> LiveCode training and consulting: http://www.fourthworld.com
> Webzine for LiveCode developers: http://www.LiveCodeJournal.com
> Follow me on Twitter: http://twitter.com/FourthWorldSys
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
More information about the use-livecode
mailing list