Legend

Answered

Monstrosity links???

Forum|Forum|9 years ago
January 15, 2017
2 replies
1765 views

Just for laughs can anyone inform me why we are now being fed monstrosity links like below?

Instead of:

I assume they must serve some kind of purpose.

Os

This topic has been closed for replies.

Correct answer Nancy OShea

Yes. it's important. It's called an INTEGRITY attribute and it's there in case the CDN is ever hacked or goes malicious.

Integrity is a flag that can be included in script-tags that specify the hash of an accepted script. If the script on the server does not match the hash, the end user’s web browser will reject it This reduces potential risk for everyone. These days, very important.

Crossorgin is also required for Integrity checking. It stops credentials from being sent with the request.

Nancy

pziecina

Legend

One other thing that Nancy did not mention -

Browsers are starting to implement 'warnings' about any scripts that are from a different server than the original, without the 'integrity/origin' attribute. This is how they are 'behind the scenes' implementing html5 ad blocking.

Nancy OShea

Correct answer

Community Expert

Yes. it's important. It's called an INTEGRITY attribute and it's there in case the CDN is ever hacked or goes malicious.

Integrity is a flag that can be included in script-tags that specify the hash of an accepted script. If the script on the server does not match the hash, the end user’s web browser will reject it This reduces potential risk for everyone. These days, very important.

Crossorgin is also required for Integrity checking. It stops credentials from being sent with the request.

Nancy

Nancy O'Shea— Product User & Community Expert

O

osgood_Author

Legend

This still works, without all the garbage, whats the risk to me?

Rob Hecker2

Legend

Rob Hecker2 wrote:
When my client websites go down, they stop making money, which makes them chase after poor me with pitch forks.

It happens anyway, regardless of being hacked. I had a client hosted with BT (British Telecom) a couple of years ago and the server just went down for a few days...and then was up for a few days and then down again. There's not much anyone can do until a server tech sorts it out (usually based somewhere else in the world) or you jump to another server provider, which also has the potential to go down.

Last year I had another clients website down for a day because they were moved to another server after a redesign only for the hosting company to some how point the domain back to the old server address.

I'm not aware of any hosting company that will guarantee 100% uptime. I make clients aware that there could be potential issues at some point and if it happens I'm not responsible, unless of course its my fault and if it is I bend over backwards to correct it as fast as possible. Because I work freelance it means Im available more so than a company that shuts up shop for the weekend/evening.

But the web is as fickle as anything else - you could jump in your car tomorrow and it doesnt start.

I would hope that the hosting companies that I use have some kind of protection against attacks

Unfortunately, shared web hosting has to be lax about security, otherwise their support staff will be overwhelmed by customers who are locked out or blocked from doing what they want to do.

Also, a lot of the security I focus on is the kinds of stuff that is under your control as a developer, such as controls within CMS admin systems (I don't allow customers to add javascript or anything but simple html and css), strong form validation and sanitation.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded