Gavin Benda
common caching (cachefilenet)
The idea behind "CacheFile.net" is that you could provide a common source for javascript libraries and images to be served from . I have actually pondered this idea before, but there is one huge issue that pops up everytime, security. You're including a remote javascript file on your own website, which could be "altered" to do malicious things via a cross site scripting attack to grab users cookies, redirect them to phishing sites, and all of the other nasties that come along with it.
Since there is a common source, hackers could concentrate their efforts and infiltrate every single site using the service at once. Not to mention it creates a fairly large single point of failure if the cache were to go down at anytime.
There really would need to be some way of "authenticating" the file each time you include it, and well, every solution I can think of either totally negates any speed gains made by the common cache.
One last point, is that this site seems to not work on https pages, which is a fairly major point, as browsers will throw up all kinds of errors if you try and include non-secure files on an secure page (and rightly so).
In short, it's a really good idea in concept, but the risks are simply too great for it to be of any use in a real world environment.
Comments on this article:
#2 Jon Davis says:
SUBIR, that's a non-issue. Generally, all cached script libraries on CacheFile are versioned -- as in, every URL has a version number.
#3 Jon Davis says:
Re the article: These are good points.
But while there is no such thing as a truly fail-proof system, both the security and uptime concerns are easily alleviated when one uses the Coral CDN alternate hostname. So long as the Coral CDN is up, the files will not go down and they will not change.
As for HTTPS support, I agree that's an issue; however, it's quite hardly a "real world" blocker except on those 10% of the sites out there where if you're going to have a secure transaction, you shouldn't be referencing external content in the first place.
Add Comment:
old windmill
google showing forum thread details
mountain sunset
png transparencies
New canon prime lens
photw: accomodation hill
mdadm RAID using an existing drive
new business and changes
photw: koala
photw: fire sticks
netforge provides high quality and friendly website design services to business. We're Australian based and reliable... (find out more).
Netforge
Richard O'neill
Jeroen Mulder
Adam Polselli
DailyWTF
Matt Cutts
#1 Subir says:
The other major issue is the file version. If i am using version 1 of the javascript and someone replaces it on the cache with version 2, then my page could stop working. Also, when you are running a website, you probably want control over your content and the ability to set your own cache headers. You lose this, if you use a common repository.