I’ve wondered the same. My guess is that the web page with the MD5 is not on the same server as the file. But, I have never checked. I suppose the same password might be used for access to both.
Dar On Apr 22, 2014, at 6:38 PM, Richard Gaskin <ambassa...@fourthworld.com> wrote: > I see a lot of sites that offer files to download also including an MD5 value > or other checksum, ostensibly so we can verify the integrity of the package > before running it. > > Sounds good, but if a hacker has sufficient control of a server to replace > the package, would he not also be able to update the checksums displayed > there to reflect those in his modified package? > > I like the idea of providing checksums, but I'm having a hard time seeing the > practical benefit. > > What am I missing? > > -- > Richard Gaskin > Fourth World > LiveCode training and consulting: http://www.fourthworld.com > Webzine for LiveCode developers: http://www.LiveCodeJournal.com > Follow me on Twitter: http://twitter.com/FourthWorldSys > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
