- From: Michel Fortin <michel.fortin@michelf.com>
- Date: Wed, 8 Nov 2006 07:53:55 -0500
Le 8 nov. 2006 ? 0:42, XcomCoolDude a ?crit : > How about a hash attribute for all elements that link to external > files (a, img, etc.)? > > It would allow you to pass an MD5, SHA-1, SHA-256, or other hash to > a user-agent for automatic comparison with the linked file. > > I'd suggest a format where the hash algorithm is listed, followed > by a forward slash and then the hash itself > > Examples: > hash="MD5/9e107d9d372bb6826bd81d3542a419d6" > hash="SHA-1/2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12" > hash="SHA-256/d7a8fbb3 07d78094 69ca9abc b0082e4f 8d5651e4 6d3cdb76 > 2d02d0bf 37c9e592" I wonder if "checksum" wouldn't be a better name: it contains the word "check" which better describe the purpose of the whole thing. But whatever the name, I like the idea of having an automatic mean for the browser to check the validity of downloaded documents. Many download pages already offer such checksums, but I rarely take the time to check manually after the download. Charles Iliya Krempeaux suggested to include the hash as an HTTP header. This would cover the case of an error in the transmission of a document, but it wouldn't in the case a file got maliciously modified on the server. In many cases, the web page for downloading the file is on a different server than the file itself; by providing the hash on the download page and checking it against the actual file you've received you get additional security against malicious file substitutions. This becomes increasingly important when files are mirrored on a couple of servers at different locations. Michel Fortin michel.fortin at michelf.com http://www.michelf.com/
Received on Wednesday, 8 November 2006 04:53:55 UTC