Ok, here is what I am thinking, and I'm asking for feedback. We have an MD5 checksum file associated with an artefact we are wishing to download. We download/read the checksum, and then download the artefact, creating a checksum ourselves, comparing it to that original.
Personally, I believe that we ought go to extreme measures to not leave any artefact on disk if it failed a check [even if we are CTRL-C'ed], since it is potentially tampered with. Even if we know it is bad, once taken out of the context of our code (and it'd be available on disk) others might become victim to it. As such I'd like to develop something like a stream that does the MD5 check as it is being written to, wrapped around some sort of tempfile(). If a stream isn't overkill, then the MD5 check could complete in the close() and if failed, perhaps destroy the file. We could attempt to re-write it with blanks, then try to delete it. Anybody got any thoughts on this? Anybody got any experience with similar things? regards, Adam -- Experience the Unwired Enterprise: http://www.sybase.com/unwiredenterprise Try Sybase: http://www.try.sybase.com
