I see a lot of sites that offer files to download also including an MD5
value or other checksum, ostensibly so we can verify the integrity of
the package before running it.
Sounds good, but if a hacker has sufficient control of a server to
replace the package, would he not also be able to update the checksums
displayed there to reflect those in his modified package?
I like the idea of providing checksums, but I'm having a hard time
seeing the practical benefit.
What am I missing?
--
Richard Gaskin
Fourth World
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
