elrido / ZeroBin

This Project has been renamed and moved to
https://github.com/PrivateBin/PrivateBin

Implement Subresource integrity (SRI) #46

Closed elrido closed 8 years ago

elrido commented 9 years ago

Some browsers (Chrome & Firefox) will soon add a new W3C specification called subresource integrity:

This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation.

Here is an example from a Firefox developer blog post:

<script src="https://code.jquery.com/jquery-2.1.4.min.js"
  integrity="sha384-R4/ztc4ZlRqWjqIuvf6RX5yb/v90qNGx6fS48N0tRxiGkqveZETq72KgDVJCp2TC"
crossorigin="anonymous" />

Although so far I see no reason to switch zerobin to CDN usage, simply for the benefits federation offers, it might be worth adding such hashes for our JS libraries.

In a federated scenario, if an attacker can manipulate the JS to compromise the encryption (i.e. by injecting a "master key"), that attacker can also manipulate the integrity hash, so one would not notice this. On the other hand it gives the more security aware visitors some means to check if the library used by a specific zerobin instance matches those from a certain release or not.

Also to consider: Any development change to a JS library will invalidate its hash, so it would be very helpful to have some script to easily regenerate and update the hashes in all templates.
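
The regeneration script asked for above, as an added example rather than anything from the ZeroBin repository: it computes the SRI value (base64 of the raw digest, prefixed with the algorithm name) for a library's bytes, rewrites the `integrity` attribute of every `<script>` tag whose `src` it knows, and can report tags whose hash is missing or stale. The file contents and the template snippet are constructed sample data; in a real run you would read the JS files and templates from disk.

```python
import base64
import hashlib
import re

# Constructed sample input: a tiny "JS library" and a template that references it.
SAMPLE_JS = b"var zerobin = { version: '0.20' };\n"
SAMPLE_TEMPLATE = (
    '<script src="js/zerobin.js"\n'
    '  integrity="sha384-OLDHASHPLACEHOLDER"\n'
    '  crossorigin="anonymous"></script>\n'
    '<script src="js/sjcl.js"></script>\n'
)

# Matches one <script> tag: attributes before src, the src value, attributes after it.
SCRIPT_RE = re.compile(r'<script\b([^>]*?)\bsrc="([^"]+)"([^>]*)>', re.DOTALL)
# Matches an existing integrity attribute (with its leading whitespace) and captures the value.
INTEGRITY_RE = re.compile(r'\s*\bintegrity="([^"]*)"')


def sri_hash(data: bytes, algorithm: str = "sha384") -> str:
    """Return the SRI integrity value for raw bytes, e.g. 'sha384-<base64 digest>'."""
    digest = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def update_integrity(template: str, files: dict) -> str:
    """Rewrite the template so every known src carries the hash of its current bytes.
    `files` maps a src path to that library's bytes; unknown srcs are left untouched."""
    def repl(m):
        before, src, after = m.group(1), m.group(2), m.group(3)
        if src not in files:
            return m.group(0)
        # Drop any stale integrity attribute, wherever it sat, then add the fresh one after src.
        before = INTEGRITY_RE.sub("", before)
        after = INTEGRITY_RE.sub("", after)
        return f'<script{before}src="{src}" integrity="{sri_hash(files[src])}"{after}>'
    return SCRIPT_RE.sub(repl, template)


def check_integrity(template: str, files: dict) -> dict:
    """Return {src: 'missing' | 'stale'} for known libraries whose attribute does not match."""
    problems = {}
    for m in SCRIPT_RE.finditer(template):
        src = m.group(2)
        if src not in files:
            continue
        found = INTEGRITY_RE.search(m.group(1) + m.group(3))
        if found is None:
            problems[src] = "missing"
        elif found.group(1) != sri_hash(files[src]):
            problems[src] = "stale"
    return problems
```

Running the script again on its own output changes nothing, so it is safe to wire into a pre-commit hook or a release step.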

rugk commented 8 years ago

:+1:

rugk commented 8 years ago

I don't really know how you imagine your "federated scenario"...

As long as the basic index file is always loaded from your own server you can use SRI to protect any other files loaded (from other servers). Currently all files are of course loaded from your own server, but with SRI you could easily change this without weakening security.

And you of course can still use SRI for your own server (in this case you also don't need the CORS header). Combined with a CSP this would also reduce the user trust to one single file: The index file. So security-minded users could check whether the served index file is correct (hash it with a hash you e.g. provide in the Readme here for all themes). Therefore this would mitigate https://github.com/elrido/ZeroBin/issues/8 as users can easily check whether all served files are valid.

rugk commented 8 years ago

When all this is implemented we might of course use this idea and create a JS bookmarklet as it was already done previously. However in the current case we only would have to check the hash of the index file...

elrido commented 8 years ago

This issue was migrated to #6.