Why not include an MD5 hash in the DB? When you first download the javascript, it takes an MD5 hash of the file(s) and stores them in the database.&nbsp; Every cron, it checks.&nbsp; If they are not the same, it re-downloads.<br><br>
<div><span class="gmail_quote">On 9/15/07, <b class="gmail_sendername">Earl Miles</b> &lt;<a href="mailto:merlin@logrus.com">merlin@logrus.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
David Metzler wrote:<br>&gt; That&#39;s a bit unfair.&nbsp;&nbsp;I was talking about the risk of compromising the<br>&gt; site and operating system protection etc.&nbsp;&nbsp; I thought we were having a<br>&gt; discussion about risk vs. benefit, and I was trying to make a point that
<br>&gt; compromised javascript code does not have the same risk factor as<br>&gt; compromised php code.&nbsp;&nbsp; Particularly if you&#39;re talking about the ability<br>&gt; to propagate from host to host, etc. Some in this thread seemed to be
<br>&gt; implying that this was the same level of risk.<br>&gt;<br>&gt; Javascript operates in a security sandbox.&nbsp;&nbsp;PHP doesn&#39;t.<br><br>Compromised javascript can do things like install invisible key loggers<br>that send your keystrokes to some unknown location and steal whatever it
<br>is you enter into it.<br><br>Hope you don&#39;t visit your financial website and enter your password<br>after visiting your harmless-but-compromised javascript site.<br><br>(Thanks to Rasmus for his presentation at OSCMS Summit for that tidbit.)
<br></blockquote></div><br>