[WEB SECURITY] risks of hosting js files on CDN?
Peter Conrad
conrad at tivano.de
Tue Nov 27 03:20:14 EST 2007
Hi,

On Tue, Nov 27, 2007 at 12:04:41AM +0100, Eric Rachner wrote:
>
> Granted, there's the additional risk of the 3rd party's infrastructure
> getting owned, but that's about it. And given that the CDN's function is to
> mitigate the risks of denial-of-service attacks and local outages, how is it
> anything but a smart move to accept the small risk (of the CDN getting
> owned) in exchange for reducing the large risks (of DDOS/local outages)?

erm, "small risk"?! If you can inject javascript into the webapp of
a bank you can wreak total havoc on their customers' accounts!

And you're not reducing the risk of DDOS or local outages, because you
can't put the complete banking application on a CDN. You're just reducing
load on your servers a little.

Bye,
Peter
--
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18 http://www.tivano.de/
63263 Neu-Isenburg
Germany