for legal reason I should let the customer be able to download a CSV file but she/he should be able only to read it, not modify it. What's a common way of handling this use case? Some kind of signature on the file so that if it's modified you can see it's not in his original form?
I don't need a solution bound to a specific language, I would just like to know what is the best practice.
If customer will be able to download this file into his computer, than you can't stop her/him from modifying it. However, you may easy detect changes, the easiest will be generating a cryptographic hash function for the file, i.e.: