by sjbase 3263 days ago
I suppose the "Here's the MD5 for your download" concept is useful if the file is being served from a different host than the website itself. Someone could tamper with the file server, but may not have access to the HTML rendering a link to that file server.

But you're right about serving the data & checksum from the same source. I don't see what extra layer of security or integrity it adds. Someone tampering with the server file system, or the data transfer (MitM), inherently has the access they need to inject their own MD5 into the HTML.