[nycphp-talk] Signing PHP applications.
Daniel Convissor
danielc at analysisandsolutions.com
Sat Aug 14 00:10:45 EDT 2004
On Fri, Aug 13, 2004 at 11:58:40PM -0400, Joseph Crawford Jr. wrote:
> What's the big deal or why would you sign a php script or file? I have never
> understood the meaning of signing files.
Why sign a contract, a check, etc.? To prove authenticity. If you
download files from a mirror, you need to make sure the mirror wasn't
compromised. Or even the original server. Forgery does happen.
Then, once you've verified the file before installing, you know the files'
signatures, so you can check to see if the installed files on your server are
still correct. If the signatures match, you're fine. If not, you know an
intrusion has happened.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
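
The check described in the message above, as an added example that is not part of the original post: record a digest for every installed file, then audit the tree later against that record. The function names, sample files and key are assumptions, and the HMAC over the manifest stands in for a real detached signature kept off the server.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = file_digest(full)
    return manifest

def seal(manifest, key):
    """Authenticate the manifest itself, so an intruder cannot simply rewrite it."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def audit(root, manifest, tag, key):
    """Compare the installed tree with the recorded manifest."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("manifest failed authentication; do not trust it")
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }

def demo():  # constructed sample tree: install, record, tamper, audit
    key = b"constructed-demo-key"  # assumption: stored away from the web server
    with tempfile.TemporaryDirectory() as root:
        def put(rel, body):
            with open(os.path.join(root, rel), "w") as f:
                f.write(body)
        os.mkdir(os.path.join(root, "lib"))
        put("index.php", "<?php echo 'hi';")
        put("lib/db.php", "<?php // db")
        manifest = build_manifest(root)
        tag = seal(manifest, key)
        clean = audit(root, manifest, tag, key)
        put("index.php", "<?php echo 'hi'; // altered")
        put("lib/extra.php", "<?php // not in release")
        os.remove(os.path.join(root, "lib/db.php"))
        return clean, audit(root, manifest, tag, key)

if __name__ == "__main__":
    print(demo())
```

Files that appear in the tree without being in the manifest are reported as well, since an intrusion may add a file rather than change one.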