
php - Filesize checks for integrity checks

Question:

Hey I'm wanting to have an integrity check on a software that will be distributed to many different types of servers. Can I use PHP's filesize() comparisons safely... for example will a filesize that is 745 on my server be 745 across all other servers?

Answer:

Yes, unless it's a text file whose line endings were converted.

However, you should not rely on file size alone for integrity checking. Use the md5_file or sha1_file functions instead.

Answer:

As others have said - you need to check the contents as well as the size - it's trivial to pad a file to a known size with whitespace.

However,

"software that will be distributed to many different types of servers"

Depending on how you deliver files to the server the size may differ due to character set conversions - e.g. Unix uses a LF as a line ending, but Microsoft's operating systems default to the CP/M behaviour of using CR+LF (there are other oddities on more esoteric operating systems - such as EBCDIC). i.e. you should probably plan on reversing any translation process before applying the integrity check.

Alternatively, instead of referencing the fingerprints to a different server, you could capture a set of file fingerprints when you deploy to the target system and encrypt it using a key not stored on the target (i.e. which you type in each time you want to check the fingerprints) then store this alongside the code.

HTH

C.
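A sketch of the deploy-time fingerprint approach from the answer above, as an added example that is not part of the original answer: SHA-256 per file with text line endings folded to LF before hashing, and the manifest authenticated with an HMAC whose key is derived from a passphrase typed at check time (HMAC is used here in place of the encryption the answer mentions, since the goal is tamper detection). The function names, the list of text extensions, the PBKDF2 iteration count and the caller-supplied salt are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// SHA-256 of a file. Text files have CRLF and lone CR folded to LF first, so a
// line-ending conversion during transfer does not change the digest.
function fingerprint(string $path, bool $isText): string
{
    if (!$isText) { return hash_file('sha256', $path); }
    $data = str_replace(["\r\n", "\r"], "\n", file_get_contents($path));
    return hash('sha256', $data);
}

// Map "relative path => digest" for every file under $root (extension list is an assumption).
function buildManifest(string $root, array $textExt = ['php', 'txt', 'html', 'css', 'js']): array
{
    $root = rtrim($root, '/\\');
    $manifest = [];
    $it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $file) {
        if (!$file->isFile()) { continue; }
        $rel = str_replace('\\', '/', substr($file->getPathname(), strlen($root) + 1));
        $isText = in_array(strtolower($file->getExtension()), $textExt, true);
        $manifest[$rel] = fingerprint($file->getPathname(), $isText);
    }
    ksort($manifest); // stable order so the serialized manifest is reproducible
    return $manifest;
}

// Tag the manifest with an HMAC keyed from a passphrase that is never stored on the
// target; someone who can rewrite files and manifest still cannot forge the tag.
function sealManifest(array $manifest, string $passphrase, string $salt): string
{
    $key = hash_pbkdf2('sha256', $passphrase, $salt, 200000, 32, true);
    return hash_hmac('sha256', json_encode($manifest), $key);
}

// Check the stored manifest's tag first, then compare it with the files on disk.
function verify(string $root, array $stored, string $tag, string $passphrase, string $salt): array
{
    if (!hash_equals($tag, sealManifest($stored, $passphrase, $salt))) {
        throw new RuntimeException('Manifest tag mismatch: manifest altered or wrong passphrase');
    }
    $current = buildManifest($root);
    return [
        'changed' => array_keys(array_diff_assoc(array_intersect_key($current, $stored), $stored)),
        'missing' => array_keys(array_diff_key($stored, $current)),
        'added'   => array_keys(array_diff_key($current, $stored)),
    ];
}
```

Store the manifest and its tag outside `$root` (or exclude them from the walk), otherwise they show up under `added` on every check.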

Answer:

Yes. However, this is not a reliable way to check integrity. I would at the least add a CRC. A strong hash function like SHA-256 would be better. Regardless, you can use hash_file.

Answer:

The filesize can differ because line endings are different on various OSes. On Windows line endings are CRLF, on Linux LF, on Mac (including OS X) it's CR. Personally, I would just put all source in an archive, calculate the checksum (sha1 or md5) and publish that on a website, so people downloading the package can check the validity of the package themselves.

Answer:

Another reasonably popular way of accomplishing the same was to create a (MD5) hash sum of your file. However, read "Is MD5 really that bad?" for cons.
