[development] jQuery 1.2 is released
Dmitri G
dmitrig01 at gmail.com
Sat Sep 15 17:32:30 UTC 2007
I don't understand how the DB can be compromized. Could you clarify? The
way I was thinking was running md5_file on the newly downloaded files, and
saving in to a table with md5 and filename. In hook_cron, it re-md5's the
files, and checks against the DB. Maybe if it's not very expensive, we could
even run it every few page loads to be even faster. Maybe provide a slider,
security vs. speed? :D
On 9/15/07, Earl Miles <merlin at logrus.com> wrote:
>
> D G wrote:
> > Why not include an MD5 hash in the DB? When you first download the
> > javascript, it takes an MD5 hash of the file(s) and stores them in the
> > database. Every cron, it checks. If they are not the same, it
> > re-downloads.
>
> Interesting idea, that. It's a step, though the db can also be
> compromised, if the md5 is re-downloaded regularly that can be mitigated
> somewhat. That actually does have some merit to it (and it's pretty much
> why yum and apt-get are trustworthy).
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20070915/b644081b/attachment.htm
More information about the development
mailing list