Filesize checks for integrity checks
Hey I'm wanting to have an integr开发者_JS百科ity check on a software that will be distributed to many different types of servers. Can I use PHP's filesize() comparisons safely... for example will a filesize that is 745 on my server be 745 across all other servers?
Yes, unless it's a text file whose line endings were converted.
However, you should not rely on file size alone for integrity checking. Use the md5_file or sha1_file functions instead.
As others have said - you need to check the contents as well as the size - its trivial to pad a file to a known size with whitespace.
However,
software that will be distributed to many different types of servers
Depending on how you deliver files to the server the size may differ due to character set conversions - e.g. Unix uses a LF as a line ending, but Microsoft's operating systems default to the CP/M behaviour of using CR+LF (there are other oddities on more esoteric operating systems - such as EBCDIC). i.e. you should probably plan on reversing any translation process before applying the integrity check.
Alternatively, instead of referencing the fingerprints to a different server, you could capture a set of file fingerprints when you deploy to the target system and encrypt it using a key not stored on the target (i.e. which you type in each time you want to check the fingerprints) then store this alongside the code.
HTH
C.
Yes. However, this is not a reliable way to check integrity. I would at the least add a CRC. A strong hash function like SHA-256 would be better. Regardless, you can use hash_file.
The filesize can differ because line endings are different on various OSes. On Windows line endings are CRLF, on Linux LF, on Mac (including OS X) it's CR. Personally, I would just put all source in an archive, calculate the checksum (sha1 or md5) and publish that on a website, so people downloading the package can check the validity of the package themselves.
Another reasonably popular way of accomplishing the same was to create a (MD5) hash sum of your file. However, read Is MD5 really that bad? for cons.
精彩评论