Downloaded files not verified?

Open Vyryn opened this issue 1 year ago • 9 comments
I may be misreading the code, but it doesn't seem like the file contents downloaded from mirrors in lib/services/download_file.dart are verified with the annas-archive md5 hash anywhere. Since third party mirrors can host whatever they like, this is an important step to avoid handing users potential malware. Is it maybe done somewhere I'm not seeing?

Vyryn avatar Feb 01 '24 05:02 Vyryn

> I may be misreading the code, but it doesn't seem like the file contents downloaded from mirrors in lib/services/download_file.dart are verified with the annas-archive md5 hash anywhere. Since third party mirrors can host whatever they like, this is an important step to avoid handing users potential malware. Is it maybe done somewhere I'm not seeing?

I'm sorry, I haven't implemented that check, but will sure implement the md5 hash check ASAP. Thank you for mentioning this bro.

dstark5 avatar Feb 01 '24 06:02 dstark5

I think maybe it would be good to also show it in the UI?

inson1 avatar Feb 02 '24 00:02 inson1

Sure, gonna add the md5 verified tick after file download on the pop up

dstark5 avatar Feb 02 '24 05:02 dstark5

It looks like it's done in the latest release.

inson1 avatar Feb 06 '24 10:02 inson1

btw if the checksum is wrong, the file is deleted?

inson1 avatar Feb 06 '24 10:02 inson1

If the checksum doesn't match, a pop-up immediately shows with a warning:

"The downloaded book may be malicious. Delete it and get the same book from another source, or use the book at your own risk."

dstark5 avatar Feb 06 '24 12:02 dstark5

@dstark5 Shouldn't there also be an option to delete the file from the dialog, so it's easy to manage it?

inson1 avatar Feb 06 '24 20:02 inson1

Yes, there should be, but I haven't added the delete button on the alert pop-up. Will sure add it in the next update.

dstark5 avatar Feb 07 '24 07:02 dstark5

great work

inson1 avatar Feb 07 '24 07:02 inson1
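
The verify-then-delete behaviour discussed in this thread, as an added Dart example (not Openlib's own code): the download is hashed as a stream, compared with the catalogue MD5, and only moved into place on a match. The names `verifyDownload` and `VerifyResult`, the `.part` file naming, and the use of the pub.dev `crypto` package are assumptions made for the example.

```dart
import 'dart:io';

import 'package:crypto/crypto.dart'; // pub.dev "crypto" package (assumed dependency)

/// Outcome of checking a finished download against the catalogue hash.
enum VerifyResult { verified, mismatchDeleted }

/// Hashes [partFile] as a stream (no full read into memory), compares the
/// digest with [expectedMd5] from the catalogue, and moves the file to
/// [finalPath] only on a match. On mismatch the partial file is deleted,
/// so bytes from an untrusted mirror never reach the user's library.
Future<VerifyResult> verifyDownload(
    File partFile, String expectedMd5, String finalPath) async {
  final expected = expectedMd5.trim().toLowerCase();
  // Refuse a malformed expected value rather than comparing against garbage.
  if (!RegExp(r'^[0-9a-f]{32}$').hasMatch(expected)) {
    throw ArgumentError('expectedMd5 is not a 32-character hex MD5');
  }

  // Digest.toString() yields lowercase hex, matching the normalised input.
  final digest = await md5.bind(partFile.openRead()).first;
  if (digest.toString() != expected) {
    await partFile.delete();
    return VerifyResult.mismatchDeleted;
  }
  await partFile.rename(finalPath);
  return VerifyResult.verified;
}

Future<void> main() async {
  // Constructed sample: two "downloads" written to a temp directory.
  final dir = await Directory.systemTemp.createTemp('verify_demo');
  final expected = md5.convert('book bytes'.codeUnits).toString();

  final good = File('${dir.path}/good.part');
  await good.writeAsString('book bytes');
  print(await verifyDownload(good, expected, '${dir.path}/good.epub'));

  final bad = File('${dir.path}/bad.part');
  await bad.writeAsString('something else from a mirror');
  print(await verifyDownload(bad, expected, '${dir.path}/bad.epub'));
  print('bad.part still on disk: ${await bad.exists()}');

  await dir.delete(recursive: true);
}
```

Downloading to a temporary name and renaming only after the hash matches means an unverified file is never visible under its final name, even if the app is killed mid-check.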