I'm speccing out a feature for our SDK product, which consists (UI-wise) mostly of a WebView. Because of bandwidth restrictions, we have to be really careful when adding more features / libraries (every kb counts). To counter this, and free us up to choose our Javascript libraries better, I proposed having our SDK, when it starts, download the latest JS bundle from our server. I have the server in place (NodeJS + Gulp based), but am curious if there's a way to validate whether the Javascript file in local storage is the file we actually sent. Is there like an MD5 mechanism either built into iOS or available in CocoaPods or something similar?
Asked
Active
Viewed 122 times
0
-
you could serve it with https and validate the cert – Daniel A. White May 21 '15 at 13:54
-
Does that not still leave the file open to tampering in the meantime? – Steven May 21 '15 at 13:56
-
you could store it in the app sandbox which should help isolate you. – Daniel A. White May 21 '15 at 13:56
1 Answers
0
You can compute md5 hash on iPhone, take a look at this thread (MD5 algorithm in Objective C).
Now all you have to do is load your file, compute md5 hash and compare it to your sever file's one.
