Difference between revisions of "Resource Integrity"

From MgmtWiki

Revision as of 21:36, 2 May 2022

Full Title or Meme

The ability of the receiver to determine that a received resource has not been tampered with before it is used.

Context

  • Where a digital device depends on the received resource being an exact duplicate of the one produced by a trusted party, some form of authentication code is supplied with it. Cryptography is used to assure that no attacker could alter the contents without the receiver detecting the alteration.
  • This is also known as tamper-evident protection.

Problems

Solutions

Code Signing

Subresource Integrity

  • SRI for the browser is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match. Using Content Delivery Networks (CDNs) to host files such as scripts and stylesheets that are shared among multiple sites can improve site performance and conserve bandwidth. However, using CDNs also carries a risk: if an attacker gains control of a CDN, the attacker can inject arbitrary malicious content into files on the CDN (or replace the files completely) and thus can potentially attack every site that fetches files from that CDN.

References