On 4/22/2014 8:38 PM, Richard Gaskin wrote: > > What am I missing? > Not much.
If a website is hacked then the file contents and posted checksum can be changed and then, as you noted, the checksum is useless as a form of security. Checksums were originally intended for file integrity security for "man in the middle" style hacks - where the file transfer was intercepted or spoofed. The checksum served to provide a verification that the file received, is in fact the file you requested and was not tampered with in transmission. See http://en.wikipedia.org/wiki/File_verification Practically speaking, I think with all the exploits and vulnerabilities (especially via social engineering, i.e. phishing, etc.), that gaining access to a target server is potentially easier these days that man-in-the-middle style attacks, so I think your are 100% correct in questioning that checksums value is not what it once was. Paul Dupuis Researchware _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
