
Server-side vs client-side file hashing

I'm about to write a little webapp/tool/widget that needs to store some files on the server. In order to avoid unnecessary load on the server side, I want to create file hashes (with SHA, MD5 or whatever...) on the client side. It is manageable with the HTML5 File API, but then Opera and IE9 users will get sacked. Java or Flash applets can be used instead of the HTML5 approach, in order to keep the application cross-browser compatible. But since I'm not familiar with Java/Flash (and I would use them only in life or death situations), I'd like to stick with JS if possible. But all client-side suggestions are welcome... JS, Java, Flash, whatever...

Traditional POST method (with PHP) will do the trick regardless of user agent. And AFAIK it's safer.

Long story short, my question is: why should I prefer client-side over server-side hashing?

Can you provide some pros and cons of both approaches?


Server side: More load, but not that much. Write the code, time it, measure memory usage etc. I doubt it will be a massive problem, especially if you can do it with a cron job to spread the load out if it's huge.

Client side: You can't trust the hashes, and to verify them requires you to recalculate them on the server. Less server load, but if it takes a while to hash a large file this will be annoying for the user.

I'd do it server side unless you have thousands of huge files every minute!


I tried to write some pros on doing this on the client side but in my honest opinion you'll just be making it hard for yourself. And how will you make sure the hash that was submitted was generated by you? Anyone can easily use tools like Firebug and change the running code (correct me if I'm wrong about this, never actually used it :D ). And furthermore they can create/forge their own request and post it to your PHP file, so you would lose a lot of control.

So how will you check the data then? Generate another hash and check them against each other? But then you're already doing it server-side!

So rather think about keeping the hashing operations server-side where you control the environment. And hashing algorithms have been around for years so I'm sure they have optimized it quite a lot. And you will ensure more compatibility for your clients.

And if you are getting enough traffic that hashing is a major performance hit then it's maybe time to upgrade to something bigger ...

But don't get me wrong this is very possible and makes sense - http://www.movable-type.co.uk/scripts/sha1.html - but I just can't get myself to trust this solution.
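
The answers above point out that a hash sent by the client has to be recomputed on the server before it can be trusted. The following is an added example, not code from the original thread, of that check in PHP. `verifyUploadDigest()` and its return shape are hypothetical names, SHA-256 is an assumed choice of algorithm, and the sample file is constructed.

```php
<?php
declare(strict_types=1);

/**
 * Recompute the digest of an uploaded file on the server and compare it with
 * the value the client claims. The client value is only a hint: it can flag a
 * corrupted transfer, but the server-computed digest is the one to store.
 * (Hypothetical helper written for this example.)
 */
function verifyUploadDigest(string $path, ?string $claimedHex): array
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException('cannot open uploaded file');
    }
    // Stream the file through SHA-256 so large uploads are not held in memory.
    $ctx = hash_init('sha256');
    hash_update_stream($ctx, $fh);
    fclose($fh);
    $serverHex = hash_final($ctx);

    // Treat the client value as untrusted input: require exactly 64 hex chars.
    $claimedOk = is_string($claimedHex)
        && preg_match('/\A[0-9a-fA-F]{64}\z/', $claimedHex) === 1;

    return [
        'digest'  => $serverHex, // authoritative value, computed here
        'matches' => $claimedOk
            && hash_equals($serverHex, strtolower($claimedHex)),
    ];
}

// Constructed sample input standing in for $_FILES['upload']['tmp_name'].
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "constructed sample upload\n");

$honest = hash('sha256', "constructed sample upload\n");
$forged = str_repeat('0', 64);

var_dump(verifyUploadDigest($tmp, $honest)['matches']);      // honest client
var_dump(verifyUploadDigest($tmp, $forged)['matches']);      // forged claim
var_dump(verifyUploadDigest($tmp, 'not-a-hash')['matches']); // malformed claim
unlink($tmp);
```

Whatever the client sends, only the `digest` value computed here should be written to storage or used for deduplication.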


What if JavaScript is turned off? You don't have to rely on JavaScript to do your work if you do it server side. Would rather use the extra server resource for 100% guarantee that it is going to work!
