Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Welcome to the Official Site of PHP-Fusion
Sign In
Not a member yet? Click here to register.
Navigation
3 Replies | Latest reply on 03-01-2017 04:08 by Chan
JoiNNN
JoiNNN Posted 4 years ago 859 posts

Check files integrity

Add a feature to check if PHP-Fusion files are missing, changed or corrupt.
As an example we should:
- generate a md5 of each file's content
- store the path
- store the hash
- verify the paths and hashes against data coming from the PHP-Fusion MAIN site . This is very important since comparing the data against data stored on the same site can be altered and modified-to-match if one gets it's site hacked.

Useful links:
- http://www.php.net/manual/en/ref.fam.php
- http://www.sitepoint.com/monitoring-file-integrity/

Go to roadmap item #1501

3 Replies

Sort replies by
Chan
ChanPosted 4 years ago 3478 posts
How about rewrite a Txt file with the CRC info of the zip archive file during installation to a txt file. Chmod 600 or 444 it. Include with config file.

Do a admin page check files against the txt file info... Where If crc value check fails, report in red label, etc.. It can be in the php info page feature.
JoiNNN
JoiNNNPosted 4 years ago 859 posts
CRC is just as good, thing is if you can set chmod 444 to prevent modification then a hacker can also run chmod on that file and change the content to match modified files right? You wanna eliminate check request from MAIN? The way is see it is the safest, as long as the MAIN doesn't get hacked OFC :P
And yes, is meant to be displayed somewhere in the Admin Panel.
Chan
ChanPosted 4 years ago 3478 posts
It is, the logic was nothing is safe on the net.. an old saying that there is always a mountain higher than the highest mountain. To provide this feature, we are already good enough.

Actions

Sharing

More topics like this

You can view all discussion threads in this forum.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You cannot download attachments in this forum.
Moderator: Development Team
JoiNNN

Check files integrity
by JoiNNN Posted 4 years ago