Difference between revisions of "Resource Integrity"
From MgmtWiki
(→Sub Resource Integrity) |
(→Subresource Integrity) |
||
Line 11: | Line 11: | ||
===Subresource Integrity=== | ===Subresource Integrity=== | ||
− | * [https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity SRI for the browser] is | + | * [https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity SRI for the browser] is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match. |
==References== | ==References== | ||
[[Category: Glossary]] | [[Category: Glossary]] |
Revision as of 21:32, 2 May 2022
Contents
Full Title or Meme
The ability of the receiver to determine that a received resource has not be tampered with before it is used.
Context
- Where a digital device is dependent on the received resource being an exact duplicate of that produced by a trusted party, some sort of authentication code is suppled. Cryptography is used to assure that no attacker could alter the contents without the receiver detecting the alteration.
- This is also known a tamper evident protection.
Problems
Solutions
Code Signing
Subresource Integrity
- SRI for the browser is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.