Difference between revisions of "Resource Integrity"

From MgmtWiki
Jump to: navigation, search
(Sub Resource Integrity)
(Subresource Integrity)
Line 11: Line 11:
  
 
===Subresource Integrity===
 
===Subresource Integrity===
* [https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity SRI for the browser] is
+
* [https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity SRI for the browser] is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
  
 
==References==
 
==References==
  
 
[[Category: Glossary]]
 
[[Category: Glossary]]

Revision as of 21:32, 2 May 2022

Full Title or Meme

The ability of the receiver to determine that a received resource has not be tampered with before it is used.

Context

  • Where a digital device is dependent on the received resource being an exact duplicate of that produced by a trusted party, some sort of authentication code is suppled. Cryptography is used to assure that no attacker could alter the contents without the receiver detecting the alteration.
  • This is also known a tamper evident protection.

Problems

Solutions

Code Signing

Subresource Integrity

  • SRI for the browser is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

References