Quote:
Originally posted by ugh
Currently, LiveUpdate downloads a 15.8k html file and saves it as ffxpv302b1043-update.exe. FlashFXP then offers to run the downloaded update. While this is probably only a temporary problem, it raises the issue of validation of the installer. If somebody hacks the LiveUpdate server and uploads a fake update (a hostile program), FlashFXP will currently happily execute it. Can you add some fancy digital signature to your releases to address this security flaw?
|
I was in the process of updating LiveUpdate to build 1044, a problem arrised that required immediate attention and resolution.
Because of this the file was not available for download, When the file isn't available a redirect to the main homepage occurs rather than a 404 error. Normally updates aren't handled this way but I was trying to get this update out ASAP.
We use digital signatures on our setup executable, however FlashFXP doesn't validate it, that's up to the end user.