I don't understand how the DB can be compromized.  Could you clarify?  The way I was thinking was running md5_file on the newly downloaded files, and saving in to a table with md5 and filename.  In hook_cron, it re-md5's the files, and checks against the DB. Maybe if it's not very expensive, we could even run it every few page loads to be even faster.  Maybe provide a slider, security vs. speed? :D
<br><br><div><span class="gmail_quote">On 9/15/07, <b class="gmail_sendername">Earl Miles</b> &lt;<a href="mailto:merlin@logrus.com">merlin@logrus.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
D G wrote:<br>&gt; Why not include an MD5 hash in the DB? When you first download the<br>&gt; javascript, it takes an MD5 hash of the file(s) and stores them in the<br>&gt; database.&nbsp;&nbsp;Every cron, it checks.&nbsp;&nbsp;If they are not the same, it
<br>&gt; re-downloads.<br><br>Interesting idea, that. It&#39;s a step, though the db can also be<br>compromised, if the md5 is re-downloaded regularly that can be mitigated<br>somewhat. That actually does have some merit to it (and it&#39;s pretty much
<br>why yum and apt-get are trustworthy).<br></blockquote></div><br>