search

ravibpatel / AutoUpdater.NET

AutoUpdater.NET is a class library that allows .NET developers to easily add auto update functionality to their classic desktop application projects.
MIT License
3.03k stars 765 forks source link

Ensure the integrity of the xml file #22

Open aschoelzhorn opened 7 years ago

aschoelzhorn commented 7 years ago

Ensure the integrity of the xml file by signing the xml

ravibpatel commented 7 years ago

@aschoelzhorn Don't you think it will be an overkill? Every time we change it we need to sign it again.

aschoelzhorn commented 7 years ago

I don't think this is an overkill, but necessary for Issue #21 . The MD5 hash is almost useless, as long as you can not be sure the xml file hasn't been compromised.

ravibpatel commented 7 years ago

@aschoelzhorn You are right. But I don't think many ppl will sign their XML files. If this issue gets more votes I will consider adding it.

JavierCanon commented 7 years ago

@aschoelzhorn you can use https, or maybe ftps to get the xml, or change to check in a webservice and authenticate the user, if you are paranoid, you need to check your current local app for changes (altered files), and check the files sync with a server, like videogames..., ex. at updater start, check local files vs server files, the client never know the name of the xml in server, get an ID from server that is diferent in all clients... or maybe check that: https://github.com/ProgTrade/nUpdate/wiki/Creating-a-project-in-nUpdate-Administration