FlashFXP Forums - View Single Post - FlashFXP v3.0.2.1044 Final

ugh · 10-27-2004, 07:52 AM

Currently, LiveUpdate downloads a 15.8k html file and saves it as ffxpv302b1043-update.exe. FlashFXP then offers to run the downloaded update. While this is probably only a temporary problem, it raises the issue of validation of the installer. If somebody hacks the LiveUpdate server and uploads a fake update (a hostile program), FlashFXP will currently happily execute it. Can you add some fancy digital signature to your releases to address this security flaw?

10-27-2004, 07:52 AM
ugh Junior Member Join Date: May 2002 Posts: 14	Currently, LiveUpdate downloads a 15.8k html file and saves it as ffxpv302b1043-update.exe. FlashFXP then offers to run the downloaded update. While this is probably only a temporary problem, it raises the issue of validation of the installer. If somebody hacks the LiveUpdate server and uploads a fake update (a hostile program), FlashFXP will currently happily execute it. Can you add some fancy digital signature to your releases to address this security flaw?