The very dangerous CDN…

July 25, 2013

Please read this blog entry from NetDNA.

Usually, you rely on CDNs. They are a fast way for your clients to retrieve basic libraries (like jQuery, Bootstrap and some others). The blog article shows that this can be very dangerous: thousands of infected users. After you read the blog entry, you will understand the following points:

  • The security breach is often human: not revoking the rights of system administrators is very, very bad.
  • Using a CDN means giving a third party the responsibility of delivering your content, which can be dangerous. Relying on your own security is perhaps more challenging, but trusting in the security of others is not my cup of coffee.

In conclusion, relying on a CDN is basically done for three (bad) reasons:

  • Saving bandwidth (and sometimes CPU) on your server: not a problem unless you have a really large number of connections.
  • You bet that the CDN is up: but, as I have experienced, the availability of a site (including big ones) is about 99.95% (about 20 minutes of unavailability per month), so if you have your own server and 3 different CDNs you rely on, your website's availability goes down to about 99.8%. Not so good (more than 1 hour of unavailability).
  • The last one is spying: when you rely on a third party for getting JavaScript or CSS files (or any file), you give them the capability to see what your clients are (by getting their browsing habits, their IPs, their browser). Note that it is the same when you rely on third-party analytics software (like Google Analytics).
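To check a page against the second and third points, the following added example (not code from the original post) lists every third-party host a page loads scripts or stylesheets from and computes the combined availability from the 99.95% figure above. The host names and the sample HTML are constructed, and the calculation assumes that hosts fail independently and that the page needs all of them.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: first-party host plus three CDN hosts (hypothetical names).
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://cdn-a.example/bootstrap.min.css">
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn-b.example/jquery.min.js"></script>
<script src="//cdn-c.example/plugin.js"></script>
<script src="https://www.mysite.example/app.js"></script>
</head><body><a href="https://other.example/">link</a></body></html>
"""

class AssetHosts(HTMLParser):
    """Collect the hosts that serve scripts or stylesheets for a page."""
    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party
        self.third_party = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return  # plain <a> links are not fetched when the page loads
        host = urlparse(url or "").hostname  # None for relative URLs
        if host and host != self.first_party:
            self.third_party.add(host)

def third_party_hosts(html, first_party):
    parser = AssetHosts(first_party)
    parser.feed(html)
    return sorted(parser.third_party)

def combined_availability(per_host, n_hosts):
    """Every host must be up at the same time (independent failures assumed)."""
    return per_host ** n_hosts

def downtime_minutes(availability, days=30):
    return (1 - availability) * days * 24 * 60

if __name__ == "__main__":
    hosts = third_party_hosts(SAMPLE_HTML, "www.mysite.example")
    total = combined_availability(0.9995, 1 + len(hosts))  # own server + CDNs
    print(hosts)
    print(f"{total:.2%} available, {downtime_minutes(total):.0f} min down per month")
```

Each host in the printed list also receives the IP address and browser details of every visitor who loads the page.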