View Single Post
Old 10-27-2004, 08:14 AM  
bigstar
FlashFXP Developer
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

Quote:
Originally posted by ugh
Currently, LiveUpdate downloads a 15.8k html file and saves it as ffxpv302b1043-update.exe. FlashFXP then offers to run the downloaded update. While this is probably only a temporary problem, it raises the issue of validation of the installer. If somebody hacks the LiveUpdate server and uploads a fake update (a hostile program), FlashFXP will currently happily execute it. Can you add some fancy digital signature to your releases to address this security flaw?
I was in the process of updating LiveUpdate to build 1044, a problem arrised that required immediate attention and resolution.

Because of this the file was not available for download, When the file isn't available a redirect to the main homepage occurs rather than a 404 error. Normally updates aren't handled this way but I was trying to get this update out ASAP.

We use digital signatures on our setup executable, however FlashFXP doesn't validate it, that's up to the end user.
bigstar is offline   Reply With Quote