Sorry for the late response.
Igor Minar, 2014-02-05 03:08 (Europe/Helsinki):
I've been in discussions in the past where developers expressed concerns
about inability to verify that the bits delivered from CDN were the same
bits as the ones they reviewed and tested against during development.
On 06/26/2014 01:18 AM, Mikko Rantalainen wrote:
However, the suggested hash signature is far from enough. Most popular
libraries have means to load additional files and plugins and the
suggested hash is able to sign only the main file. If you cannot
trust the CDN provider, you cannot trust
On Sat, 14 Dec 2013, Some Developer wrote:
Currently most people store their JavaScript code on a CDN of some sort.
This often involves uploading their JavaScript files to a server hosted
and run by a third party which means the control and security of the
server is out of the hands of the
I like this a lot!
I've been in discussions in the past where developers expressed concerns
about inability to verify that the bits delivered from CDN were the same
bits as the ones they reviewed and tested against during development.
It's very common to pull popular libraries (like jquery,
On Sat, Dec 14, 2013 at 3:41 PM, Bjoern Hoehrmann derhoe...@gmx.net wrote:
* Some Developer wrote:
Currently most people store their JavaScript code on a CDN of some sort.
This often involves uploading their JavaScript files to a server hosted
and
run by a third party which means the control
* Some Developer wrote:
Currently most people store their JavaScript code on a CDN of some sort.
This often involves uploading their JavaScript files to a server hosted and
run by a third party which means the control and security of the server is
out of the hands of the website owner. If the CDN