|
-
Aug 5th, 2009, 10:15 PM
#1
Thread Starter
Frenzied Member
Updating an application from Internet - hashing method
Hello,
I have created an updater for my application. When the application starts the user can launch an updater that will check for the latest version. Download it and copy the files to where the installation is.
Everything works fine.
However, I am looking for a more robust technique. And I have discovered it is better to hash the files on the web server with a hash algorithm and then when they have downloaded use the same hash algorithm to compare the hash values. If they are different either the files were corrupted when downloaded or some modified them without permission.
However, my problem is where do I store the hash values? I was thinking of hashing the files, and storing all the hash values for each file in a text file, and my updater will download that text file.
I am not sure if that is the best technique to use of not? Is this the normal and best way to do this?
Many thanks for any advice,
-
Aug 5th, 2009, 10:19 PM
#2
Re: Updating an application from Internet - hashing method
We don't store the has values. Our client requests updates using a web service and the web service hashes the files on demand.
If you don't want to do that then you would have to create an extra text file containing all the hash values and store it with the other files. You could then download that file first, test the hashes and then download the other files as required.
-
Aug 5th, 2009, 10:52 PM
#3
Thread Starter
Frenzied Member
Re: Updating an application from Internet - hashing method
Hello,
I guess I could use a web service and hash the files. So when the web service hashes the files. It it will also download the hash values as well?
Something else I was thinking about. Is that I should download the files and hash values into the temp directory. Then check to make sure that they are correct, If they are correct copy the files to the installation folder. Else, inform the user that he needs to download again.
When you download your files, do you put them into a temp folder?
Many thanks,
-
Aug 5th, 2009, 11:16 PM
#4
Re: Updating an application from Internet - hashing method
Yes we use a temp folder. It's particularly important as the download may take some time as our clients are mobile and wireless (3G). Once the files are downloaded you can hash them again and compare that to the values generated on the server to ensure valid downloads. We also use a master hash, which is a hash of the individual hashes concatenated.
-
Aug 6th, 2009, 05:58 AM
#5
Thread Starter
Frenzied Member
Re: Updating an application from Internet - hashing method
Hello,
Can I ask you what is the purpose of your master hash?
I can only think that you concatenate all the file hashes into a single file. Then you use that master hash to compare all the hashes of all the files that have been downloaded by concatenating them as well. So you would compare 2 concatenated master hash files.
Apart from that I can't really see what else a master hash would be.
Many thanks,
-
Aug 6th, 2009, 09:02 PM
#6
Thread Starter
Frenzied Member
Re: Updating an application from Internet - hashing method
Hello,
I think that maybe using the web service could be the way to go. As you have already done this, I would like to learn from you experience.
I am just wondering what you have done about security?
And my previous question was on the master hash?
Many thanks,
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|