Today I have found the scenario where some content fetched from FTP was corrupted through the download process. There are several validation mechanisms which can be integrated into WfExS-backend:
When a file is a known compressed archive (tar, gz, bzip2, xz, zip), its integrity should be checked.
When a file is signed, and a public signing key is available, check the file was not tampered.
Declaring a file to be fetched containing MD5 or SHA1 sums or signatures of the fetched contents.
Declaring inline fields containing the MD5 or SHA1 sums of the fetched contents.
Today I have found the scenario where some content fetched from FTP was corrupted through the download process. There are several validation mechanisms which can be integrated into WfExS-backend:
tar
,gz
,bzip2
,xz
,zip
), its integrity should be checked.