Re: Security Feature Request : Subresource Integrity(SRI), Content Security Policy (CSP) - Status changed to: Acknowledged

Security Feature Request : Subresource Integrity(SRI), Content Security Policy (CSP)

Status: Acknowledged
Submitted by baraths84 ‎10-02-2018 08:58 PM - edited ‎10-02-2018 08:58 PM

Hi Tealium Team,

Currently Tealium does not support an important security feature called Subresource Integrity (SRI). It's a security feature that enables browsers to verify that files they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match.

+ Content Security Policy (with SRI)

Tealium provides a checksum through its revision API, but that is not equivalent and does not help mitigate in real time.

Due to modern security attacks like #magecart on ecommerce websites, it's important to see this feature supported through Tealium Tag Management (IQ).

References:

https://caniuse.com/#search=SubResource%20Integrity

https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

https://www.symantec.com/blogs/threat-intelligence/formjacking-attacks-retailers

Thank you

Barath
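
The hash check described in the post above, sketched in Node.js as an added example (not part of the original post and not Tealium code). The file contents and the cdn.example.com URL are constructed, and the handling of several listed hashes (strongest algorithm wins) goes beyond the post and follows the SRI specification.

```javascript
// Added example (Node.js), not Tealium code. File contents and URL are constructed.
const crypto = require('crypto');

const ALGS = ['sha256', 'sha384', 'sha512']; // weakest to strongest

// Value for the integrity attribute: "<alg>-<base64 digest of the exact bytes>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Mimic the browser-side check: parse the attribute, keep only the strongest
// algorithm listed, and accept the file if any hash of that algorithm matches.
function sriMatches(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(t))
    .filter(Boolean)
    .map((m) => ({ alg: m[1], digest: m[2] }));
  if (entries.length === 0) return true; // no usable hash: nothing is enforced
  const strongest = entries
    .map((e) => e.alg)
    .sort((a, b) => ALGS.indexOf(b) - ALGS.indexOf(a))[0];
  return entries
    .filter((e) => e.alg === strongest)
    .some((e) => sriHash(body, e.alg) === `${e.alg}-${e.digest}`);
}

// Tag a page author would emit; crossorigin is needed for cross-origin SRI checks.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample: the file as published, and the same file after a change on the CDN.
const PUBLISHED = Buffer.from('console.log("tag loader v1");\n');
const MODIFIED = Buffer.concat([PUBLISHED, Buffer.from('/* extra code */\n')]);
const PINNED = sriHash(PUBLISHED);

console.log(scriptTag('https://cdn.example.com/tag.js', PUBLISHED));
console.log('published file accepted:', sriMatches(PUBLISHED, PINNED));
console.log('modified file accepted:', sriMatches(MODIFIED, PINNED));
```

Because the hash covers the exact bytes, any legitimate republish of the file also requires updating the `integrity` value in the page.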

 


Comments
by Community Manager
on ‎10-10-2018 01:45 PM
Status changed to: Acknowledged

@baraths84 Thanks for this idea.