Peter Judge
You can also create a hash-of-hashes for the whole codebase. So, something like

- compile each .p/.cls with MD5,
- sort the files in a directory and the directories (alphabetically or by size or by mtime or something known and consistent).
- calculate a new hash, with the previous file’s MD5 as a salt. So file1.p hash = md5-digest(rcode-info:md5-value, )
- you should use a salt for the first file.
- this produces a single hash. Store this value (per release?) and the first salt securely (in a db field? At the end of a URI?)
- when the application starts, recalculate the hash across the whole application code.
- compare to the final hash.
- technicolour yawn if they don’t match.

You can also tell from this approach exactly which files were tampered with, since you know where the hash value differs from your correct value.

I’d like to create a set of Ant/PCT tasks to do this, but time …
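The chained hash described in the post above, sketched in Python as an added example (not code from the post or from any Ant/PCT task). It assumes the per-link values are stored alongside the final hash so the first mismatch can be located; `file_digest` stands in for `rcode-info:md5-value`, and the file names, contents and salt are constructed.

```python
import hashlib
import hmac

ALGO = "md5"  # the digest the post names; any hashlib algorithm name works here


def file_digest(content: bytes) -> str:
    # Stand-in for the per-file value (the post uses rcode-info:md5-value).
    return hashlib.new(ALGO, content).hexdigest()


def build_chain(files: dict, first_salt: str) -> list:
    """Return [(path, link_hash), ...] over files sorted by path.

    Each link hashes the previous link (the salt for the first file),
    the path, and the file's own digest.
    """
    chain, prev = [], first_salt
    for path in sorted(files):
        h = hashlib.new(ALGO)
        for part in (prev, path, file_digest(files[path])):
            h.update(part.encode() + b"\0")  # delimiter keeps fields unambiguous
        prev = h.hexdigest()
        chain.append((path, prev))
    return chain


def verify(files: dict, first_salt: str, stored_chain: list):
    """Return (ok, first_bad_path); first_bad_path is None when ok."""
    current = build_chain(files, first_salt)
    stored_final = stored_chain[-1][1] if stored_chain else first_salt
    current_final = current[-1][1] if current else first_salt
    if len(current) == len(stored_chain) and hmac.compare_digest(current_final, stored_final):
        return True, None
    for (cur_path, cur_hash), (ref_path, ref_hash) in zip(current, stored_chain):
        if cur_path != ref_path or cur_hash != ref_hash:
            # An added or removed file shifts the sort order: report the lower path.
            return False, min(cur_path, ref_path)
    # One list is a prefix of the other: a file was added or removed at the end.
    longer = current if len(current) > len(stored_chain) else stored_chain
    return False, longer[min(len(current), len(stored_chain))][0]


# Constructed sample data: a release snapshot and a tampered copy of it.
RELEASE = {"src/a.p": b"rcode-a", "src/b.cls": b"rcode-b", "src/c.p": b"rcode-c"}
SALT = "constructed-first-salt"
STORED = build_chain(RELEASE, SALT)
TAMPERED = dict(RELEASE, **{"src/b.cls": b"rcode-b-modified"})
```

Because every link feeds the next, all links after the first changed file also differ, so the check reports the first point of divergence in sort order.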