Michel Fortin wrote:
I'm beginning to think that the link "fingerprint" method is best
solution because the hash is more portable as part of the URL. I could
for instance copy a fingerprinted URL right into this email:
http://example.com/file#!md5!b3187253c1667fac7d20bb762ad53967
Indeed, that's one of the major use cases.
and a knowledgeable browser receiving this URL would know how to check
the validity of the received document. The two concerns I have with it
is that it somewhat distorts the concept of a fragment identifier,
It does a bit; but the fragment identifier is unused for binary
downloads, so there's not much risk of a clash. Also, "!" is currently
not legal in HTML ids, AIUI.
and
it's generally going to be lost if there is any redirection (although a
browser that knows about fingerprints could keep them across redirections).
Indeed. In fact, it would be a security flaw to update the identifier on
redirect.
Gerv
