https://www.srihash.org/
Subresource Integrity (SRI) is a new W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best practice whenever libraries are loaded from a third-party source.
TLS ensures that the connection between the browser and the server is secure. The resource itself may still be modified server-side by an attacker to include malicious content, yet still be served with a valid TLS certificate. SRI, on the other hand, guarantees that a resource hasn't changed since it was hashed by a web author.
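The hash-then-check step described above, as an added example (not code from the original page or from srihash.org). It computes an integrity value for a resource and checks served bytes against it, using the strongest algorithm listed; the script bytes and the cdn.example.com URL are constructed for illustration.

```python
import base64
import hashlib
import html

# Hash algorithms defined for SRI, ordered weakest to strongest.
ALGS = ("sha256", "sha384", "sha512")

# Constructed sample data: a library as published, and a modified copy.
LIB = b"window.lib = { version: '1.0.0' };\n"
TAMPERED = LIB + b"/* injected */\n"

def sri_hash(data: bytes, alg: str = "sha384") -> str:
    """Return an integrity value of the form '<alg>-<base64 digest>'."""
    if alg not in ALGS:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"

def verify(data: bytes, integrity: str) -> bool:
    """Check data against an integrity attribute (whitespace-separated hashes)."""
    by_alg = {}
    for token in integrity.split():
        alg, sep, rest = token.partition("-")
        if sep and alg in ALGS:
            # Ignore any '?option' suffix after the digest.
            by_alg.setdefault(alg, []).append(rest.split("?", 1)[0])
    if not by_alg:
        # This checker fails closed when no supported hash is present.
        raise ValueError("no supported hash in integrity value")
    # Only hashes of the strongest listed algorithm are considered.
    strongest = max(by_alg, key=ALGS.index)
    actual = sri_hash(data, strongest).split("-", 1)[1]
    return actual in by_alg[strongest]

def script_tag(url: str, data: bytes) -> str:
    """Build a <script> element pinned to the given bytes."""
    # crossorigin is needed for integrity checks on cross-origin resources.
    return (f'<script src="{html.escape(url, quote=True)}" '
            f'integrity="{sri_hash(data)}" crossorigin="anonymous"></script>')

if __name__ == "__main__":
    pinned = sri_hash(LIB)
    print(script_tag("https://cdn.example.com/lib.js", LIB))
    print("as published:", verify(LIB, pinned))       # served bytes match
    print("modified:    ", verify(TAMPERED, pinned))  # served bytes differ
```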
References:
- https://en.wikipedia.org/wiki/Subresource_Integrity
- https://www.w3.org/TR/SRI/
- https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
- https://wiki.mozilla.org/Security/Subresource_Integrity