incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Haykel BEN JEMIA <hayke...@gmail.com>
Subject Re: Signed RSL from Apache
Date Mon, 20 Feb 2012 19:36:50 GMT
loader.swf will also be loaded with the app and can be hacked by a m-i-t-m
attack.

Sorry for the short message. Sent from my tablet.
Le 20 févr. 2012 20:29, "Martin Heidegger" <mh@leichtgewicht.at> a écrit :

> On 21/02/2012 04:18, Alex Harui wrote:
>
>> I don't think we can find a way to know that a file downloaded from one
>> mirror is
>> the same as one coming from another mirror without downloading it in the
>> first place.
>>
> What is wrong about an approach where the "loader.swf" has MD5 hash of the
> files? It
> has to load and check the loaded files before initializing them. The
> man-in-the-middle would need to
> provide a hacked swf with the same md5 ... hard to archieve.
>
> yours
> Martin.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message