开发者

md5 in http with range

Imagine a user asks for Rage: bytes=2-5 of a 10-byte file. What MD5 sum has to be served to the user? The MD5 sum of all 10 bytes or only of the partial content, bytes 2-5?

RFC2616 Section 14.15 reads:

The MD5 digest is computed based on the content of the entity-body, including any content-coding that has been applied, but not including any transfer-encoding applied to the message-body. If the message is received with a transfer-encoding, that encoding MUST be removed prior to checking the Content-MD5 value against the received entity.

How must I interpret that? I ask this because I would refrain from adding md5sums to partial content, iff it has to be re-gener开发者_JAVA技巧ated for each range-request.


This is: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/178.

So there is no easy answer, the Working Group will gladly accept feedback.


Unless you're running HTTP over some very unusual network protocol, what are you gaining by using MD5 checksums? TCP handles integrity checking, the HTTP header is optional, and its not intended to ensure integrity against malicious attacks.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜