AutoUpdater.NET icon indicating copy to clipboard operation
AutoUpdater.NET copied to clipboard

Published 20 hours ago verified publisher icon ravibpatel

Ensure the integrity of the xml file

Open aschoelzhorn opened this issue 6 years ago • 4 comments

Ensure the integrity of the xml file by signing the xml

aschoelzhorn avatar Jul 11 '17 13:07 aschoelzhorn

@aschoelzhorn Don't you think it will be an overkill? Every time we change it we need to sign it again.

ravibpatel avatar Jul 12 '17 06:07 ravibpatel

I don't think this is an overkill, but necessary for Issue #21 . The MD5 hash is almost useless, as long as you can not be sure the xml file hasn't been compromised.

aschoelzhorn avatar Jul 12 '17 07:07 aschoelzhorn

@aschoelzhorn You are right. But I don't think many ppl will sign their XML files. If this issue gets more votes I will consider adding it.

ravibpatel avatar Jul 14 '17 06:07 ravibpatel

@aschoelzhorn you can use https, or maybe ftps to get the xml, or change to check in a webservice and authenticate the user, if you are paranoid, you need to check your current local app for changes (altered files), and check the files sync with a server, like videogames..., ex. at updater start, check local files vs server files, the client never know the name of the xml in server, get an ID from server that is diferent in all clients... or maybe check that: https://github.com/ProgTrade/nUpdate/wiki/Creating-a-project-in-nUpdate-Administration

JavierCanon avatar Aug 01 '17 16:08 JavierCanon