Re: [ServiceWorker] Allow preventing the update process to finish (#761)

Hm, but that evil SW had to come from the server anyway. So if it is evil, then the server can keep sending the evil one. Or are you wondering about the threat where the server is compromised temporarily, an evil SW is sent, and from then on, even if the server gets fixed, clients still have an evil version?

I would say this is closer to certificate pinning. So just as you could pin the server certificate, you could pin service worker code. In the case of the code, it can also verify (because it is the code) the next version of the code as well.

So yeah, this is the same as saying that certificate pinning could be misused by the server being attacked and an evil certificate being deployed, and then from then on that certificate would be pinned, even if the server is fixed. I do not think this is really a serious case? But yes, browsers could introduce some flag indicating that the client and server SW code no longer match and that the SW code prevented it from loading, with maybe some message from the SW about why it did that. And then the user can decide what to do. In practice, SW code should not be prevented from loading from the server side if the user is not under attack. So if the SW detects an attack and prevents loading, this is anyway a good moment to start throwing warnings at the user.

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/761#issuecomment-151393930

Received on Tuesday, 27 October 2015 06:42:19 UTC