flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Heidegger ...@leichtgewicht.at>
Subject Re: Signed RSL from Apache
Date Mon, 20 Feb 2012 19:29:03 GMT
On 21/02/2012 04:18, Alex Harui wrote:
> I don't think we can find a way to know that a file downloaded from one mirror is
> the same as one coming from another mirror without downloading it in the
> first place.
What is wrong about an approach where the "loader.swf" has MD5 hash of 
the files? It
has to load and check the loaded files before initializing them. The 
man-in-the-middle would need to
provide a hacked swf with the same md5 ... hard to archieve.


View raw message