User tests: Successful: Unsuccessful:
Currently there is no security when downloading files from update sites or uploading a package, with this feature the main goal is to make sure that only the original files are downloaded and installed by checking the integrity of the package(SHA256, SHA1 and MD5 Hashes), lowering the risk of getting infected files that can risk the user.
This verification will only be made for installing packages from URL or uploading a package file in the Install view, this is how the process of verification will happen:
(note: I forgot to place the SHA-256 hash here)
We will have 3 packages to test:
Package with the correct hashes in the update server manifest:
Here is the update server manifest:
Package with the wrong hashes:
I remember here that without the Force Install checked you won't install the extension
Update server manifest:
Package without hashes:
Update server manifest:
Case 1 - File Checksum OK:
A success message when the checksums are equal
Case 2 - File Checksum Failed:
A danger message when the checksums are not equal and the user does not want to force the installation, redirecting back to the view without installing the extension
Case 3 - File Checksum Failed but user wants to force install:
There will be a checkbox on the upload package and install from URL tab where the user can check if he really wants to install the extension even if the Checksum fails.
A warning if the checksum fails will appear.
Case 4 - No checksum found:
If the extension has no update site or no checksums (MD5, SHA1 or SHA256 tags) are showed in the update site manifest a warning should appear to make sure the users know that no security verification was provided in the extension package.
A info message will appear that no Hashes are available.
Currently there is no security or information related to this
|Category||⇒||Administration com_installer Language & Strings Front End Plugins|
Perhaps I did not understand the patch, but what problem do you want to fix with this PR?
Which scenario does now have a better protection with this PR?
Edit: to concretize my question: in which cases do the hashs differ?
Edit2: I guess it should protect from hacked files? How do you make sure, that the hash itself is valid?
The provided hash lets you double-check that the file you downloaded was not corrupted accidentally in transit, or that the file you downloaded from another source (a faster mirror or github etc) is the same as the file available for download at the original website where the hash is published