IBM Worklight 5.0.6 - Usage of testWebResourcesChecksum

https://stackoverflow.com/questions/17518515

02-06-2022
|

Question

According to Worklight 5.0.6 Information Center, for the attribute testWebResourcesChecksum in application-descriptor.xml:

The element controls whether the application verifies the integrity of its web resources each time it starts running on the mobile device. If its enabled attribute is set to true, the application calculates the checksum of its web resources and compares it with a value stored when it was first run. Checksum calculation can take a few seconds, depending on the size of the web resources. To make it faster, you can provide a list of file extensions to be ignored in this calculation.

<security>
    <encryptWebResources enabled="false"/>
    <testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
    <publicSigningKey> value </publicSigningKey>
</security>

1) If the attribute is set to true, the web resources checksum will be compared with a value stored when it was first run. What happen if the checksum is different? There will be an error message prompted and force application to start?

2) By default this attribute is set to false. However, for my understanding Direct Update will also require calculating checksum of the web resources. What is the underlying meaning of setting it to true or false?

Environment: Worklight 5.0.6 Developer Edition

Thanks!

Solution

Yes. An error message will be displayed and the user will be forced to quit the app.

Direct Update is a valid path for Worklight to change the web resources of an application, and will happen after the application contacts the Worklight Server upon launch or return to the foreground.

The idea here that if someone managed to get into the filesystem of the device and alter the web resources, the app will detect this and prevent use of the application.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow