I am writing an auto update client. It’s a very simple app that: 1)

Question

0

Asked: May 19, 20262026-05-19T17:11:01+00:00 2026-05-19T17:11:01+00:00

I am writing an auto update client. It’s a very simple app that: 1)

0

I am writing an auto update client. It’s a very simple app that:
1) Checks a central server to see if an update exists for some application
2) Downloads the install program from the server if a newer version exists
3) Runs the setup program

Other than server-side concerns (like someone hacking our site and placing a ‘newer’ malicious application there), what client-side security concerns must I take into account when implementing this?

My current ideas are:
1) Checksum. Include the checksum in the .xml file and check that against the downloaded file. (Pre or post encryption?)
2) Encrypt the file. Encrypt the file with some private key, and let this program decrypt it using the public key.

Are both or either of these necessary and sufficient? Is there anything else I need to consider?

Please remember this is only for concerns on the CLIENT-SIDE. I have almost no control over the server itself.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-19T17:11:01+00:00

Editorial Team

2026-05-19T17:11:01+00:00Added an answer on May 19, 2026 at 5:11 pm

If you retrieve all of the information over https and check for a valid certificate then you can be sure that the data is coming from you server.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am writing an auto update client. It’s a very simple app that: 1)

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply