Reply to post: Re: I dunno if this would work...

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Adam 1

Re: I dunno if this would work...

> But might it be a good idea to have a "known good" or "gold" copy of the download held in a secure non-web-facing store

Except if your site got pwned then they would just return true inside the isequal method it uses, compromising the entire model.

You don't really need the whole file btw. You just need to store its hash and compare that. Where your idea does have merit would be to deploy to a web job to AWS/Azure that downloads the files and does the comparison once an hour, broadcasting to predetermined mailboxes when there is a mismatch. Just don't use the same credentials or server for that web job and remember to update your build system to push the new hash to the guardian web job.

Next, figure out some way to protect your build server/repository/compiler/meatbags involved in pushing out a release.
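The hourly comparison described in the comment above, sketched as an added example that is not part of the original post or any vendor's code. The names `check_downloads`, `fetch` and `alert` and the `example.invalid` URLs are hypothetical; the fetcher and mail sender are injected so the check itself holds no credentials for the web server, and a failed download is treated as a mismatch.

```python
import hashlib
from typing import Callable, Dict, Iterable, List, Optional

def sha256_stream(chunks: Iterable[bytes]) -> str:
    """Hash a download chunk by chunk so large installers never sit in memory."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

def check_downloads(
    expected: Dict[str, str],                       # url -> hash pushed by the build system
    fetch: Callable[[str], Iterable[bytes]],        # downloads from the public site
    alert: Callable[[str, str, Optional[str]], None],  # e.g. mail the predetermined mailboxes
) -> List[str]:
    """Return the URLs whose live content no longer matches the release hash."""
    mismatches = []
    for url, want in expected.items():
        try:
            got: Optional[str] = sha256_stream(fetch(url))
        except Exception:
            got = None  # fail closed: an unreachable or truncated file also alerts
        if got != want.lower():
            mismatches.append(url)
            alert(url, want, got)
    return mismatches

# --- Constructed sample data: stands in for the build output and the live site ---
RELEASE = b"installer bytes, constructed sample"
GOOD = hashlib.sha256(RELEASE).hexdigest()
EXPECTED = {
    "https://example.invalid/setup.exe": GOOD,
    "https://example.invalid/setup-x64.exe": GOOD,
    "https://example.invalid/setup-old.exe": GOOD,
}
LIVE_SITE = {
    "https://example.invalid/setup.exe": RELEASE,
    "https://example.invalid/setup-x64.exe": RELEASE + b" plus injected payload",
}  # setup-old.exe is missing, so its fetch raises

def fake_fetch(url: str) -> Iterable[bytes]:
    body = LIVE_SITE[url]
    return (body[i:i + 8] for i in range(0, len(body), 8))

def run_demo():
    alerts = []
    bad = check_downloads(EXPECTED, fake_fetch, lambda u, w, g: alerts.append((u, w, g)))
    return bad, alerts

if __name__ == "__main__":
    print(run_demo())
```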


Biting the hand that feeds IT © 1998–2022