New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Download verification #14
Comments
Java download page for e.g. 8u121, provides a link JDK 8u121 checksum |
Oracle XE - not officially (on OTN downloads pages), but on the docker repository: https://github.com/oracle/docker-images/blob/master/OracleDatabase/dockerfiles/11.2.0.2/Checksum.xe |
Checking status codes, invalid file URL is good, as it ends with a 404. But invalid authentication doesn't end with 403.
edit. With invalid creds, invalid file URL doesn't result in a 404, anywhere. |
Since Oracle just provides cryptographically insecure checksums for their Instant-Client downloads (cksum does CRC), it would be great if you could include independent sha256 checksums in this repository. For example, a bunch of configuration files for the different products that provide filename/sha256 dictionaries and are then built into the downloader binary. The sha256 checksum could be provided by any contributor, thus it would be a trust-on-first-use workflow - which is still better than relying on cksum CRC. |
Not a bad idea. One issue is the way some products are released. For example, APEX The filename remains the same no matter which patch set is current. So it would be a matter of updating the expected checksum as updates are rolled out. Others include the full version in the filename - I was attempting to scrape the download page e.g. for sqlcl to grab the latest available version. I suppose only apply the checksum check if it exists in the submitted checksums could be a path forward. |
There is no checksum that I could see to verify the downloads, but if you enter incorrect password, the file is returned as a HTML document, with the error inside.
Edit, some do provide checksums:
The text was updated successfully, but these errors were encountered: