[development] jQuery 1.2 is released

Dmitri G dmitrig01 at gmail.com
Sat Sep 15 17:32:30 UTC 2007

I don't understand how the DB can be compromized.  Could you clarify?  The
way I was thinking was running md5_file on the newly downloaded files, and
saving in to a table with md5 and filename.  In hook_cron, it re-md5's the
files, and checks against the DB. Maybe if it's not very expensive, we could
even run it every few page loads to be even faster.  Maybe provide a slider,
security vs. speed? :D

On 9/15/07, Earl Miles <merlin at logrus.com> wrote:
> D G wrote:
> > Why not include an MD5 hash in the DB? When you first download the
> > javascript, it takes an MD5 hash of the file(s) and stores them in the
> > database.  Every cron, it checks.  If they are not the same, it
> > re-downloads.
> Interesting idea, that. It's a step, though the db can also be
> compromised, if the md5 is re-downloaded regularly that can be mitigated
> somewhat. That actually does have some merit to it (and it's pretty much
> why yum and apt-get are trustworthy).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20070915/b644081b/attachment.htm 

More information about the development mailing list