|Main Archive Page > Month Archives > websecurity archives|
Does anyone have any thoughts on security concerns for hosting js files at a content delivery network (CDN) like Akamai or others?
The bugtraq thread below was very timely for me and I was hoping to get some other thoughts on this:
Clearly, I recognize the potential performance gains for offloading static client side files to CDN when the page weight is high due to rich user experience but isn't it also fair to say that this adds an unnecessary risk to the web application? I mean, think of the possibilities if the integrity of the js files are compromised. the compromised js files would then have complete access to the DOM of the respective site. also, think about the possibilities with AJAX. this seems like a *huge* unnecessary risk to me that is best avoided.
in terms of best practices, isn't it fair to say that offloading js files to a CDN is a bad idea?
Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]