incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mclean <jus...@classsoftware.com>
Subject Re: [jira] [Commented] (FLEX-33150) Progamatically verify the MD5 hash of the downloaded Apache Flex SDK
Date Tue, 31 Jul 2012 07:31:25 GMT
Hi,

Looks good. 

Just a question (for anyone) from a security point of view would it be better to:

a) Compile the MD5 hashes values into the application (ie place in the XML file or as static
consts)
OR
b) Or download the hashes from the Apache Web site? 

Download hashes over HTTP could be risky for all sort of reasons. Needing a HTTPS connection
may cause issue with firewalls and the like.

Thanks,
Justin
Mime
View raw message