
Why use hashed CSS stylesheet and Javascript file names?

When looking deeply at the code of some of the most popular websites, I've seen many times that CSS and JavaScript file names are like this:

<link type="text/css" rel="stylesheet" href="//sample.com/css/css__k3sYInttBtNNuJgtPSyqaYy9vVxS4qTZLrfs1ujQB9g__SH_QaIH3bnSp3nOw8n8afhszfHJlxVt51qRlrrrOnk0__fBOuweRojwN82z7EY4v-sVsMwU_P_vZSaU3fmyho6Do.css" media="all" />

<script type="text/javascript" src="//sample.com/js/js__-V23Vc4PVahQcqfyxss_rmNogErBARnPCvI7oPXC0qQ__O-yO5Gg8pRRaefl4d0X9qXUJTOSHq0yazxF-4tJCU_k__fBOuweRojwN82z7EY4v-sVsMwU_P_vZSaU3fmyho6Do.js"></script>

It seems that the file names have been hashed, and I don't know what the reason is. So I've got the following problems.

  1. What is the purpose of using this kind of method?

  2. I've seen very complex folder names also. Why is that?

  3. Are there any security concerns?

  4. Can we dynamically change file/folder names using PHP for maximum security?

I am a little new to this area.

LuckyG asked Nov 14 '17 15:11


1 Answer

You can assume that these file/folder names are not what the developers are working with during the development phase, but rather an artifact of the files' build process. JavaScript and CSS are often built into a single file from several source files, involving more or less compilation/transpilation and bundling steps.

The reason why you would want the filename to be/include a hash of the file is that this forces a cache invalidation whenever the file changes. Static files can be cached by the browser, server, and a number of other agents in-between. This is fine as long as the file does not change. However, when a new release is published, the user should be served this new version. If the file name of the resource changes, the browser will always request the new version of the file from the server, rather than using a cached version.

You should not rely on complex file names like this as a security/authorization feature. The file names are referenced in the app's index file and thus known to the end user. Also, security by obscurity is generally a bad idea.

TimoStaudinger answered Oct 19 '22 18:10
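The build step described in the answer above, as an added example that is not part of the original answer or of any particular build tool. The function names, the truncated SHA-256 digest and the sample assets are assumptions made for illustration; the page does not say which hash the sites in the question use.

```python
import hashlib
import posixpath
import re

def fingerprint(name: str, content: bytes, digest_len: int = 12) -> str:
    """Insert a truncated SHA-256 of the content before the file extension."""
    stem, ext = posixpath.splitext(name)
    digest = hashlib.sha256(content).hexdigest()[:digest_len]
    return f"{stem}.{digest}{ext}"

def build(assets: dict, index_html: str):
    """Fingerprint every asset and rewrite its reference in the index page."""
    manifest = {name: fingerprint(name, data) for name, data in assets.items()}
    for original, hashed in manifest.items():
        index_html = index_html.replace(original, hashed)
    return manifest, index_html

def referenced_assets(index_html: str) -> list:
    """Asset URLs any visitor can read out of the served index page."""
    return re.findall(r'(?:href|src)="([^"]+)"', index_html)

# Constructed sample input: two releases where only the JavaScript changes.
INDEX = ('<link rel="stylesheet" href="/css/app.css">\n'
         '<script src="/js/app.js"></script>')
RELEASE_1 = {"/css/app.css": b"body{color:#222}",
             "/js/app.js": b"console.log('v1');"}
RELEASE_2 = {"/css/app.css": b"body{color:#222}",
             "/js/app.js": b"console.log('v2');"}

if __name__ == "__main__":
    m1, _ = build(RELEASE_1, INDEX)
    m2, html2 = build(RELEASE_2, INDEX)
    for name in RELEASE_1:
        # Same bytes keep the same URL, so caches stay valid; changed bytes
        # get a new URL, so no cache along the way can serve the old file.
        state = "cache still valid" if m1[name] == m2[name] else "new URL, cache bypassed"
        print(f"{name}: {m1[name]} -> {m2[name]} ({state})")
    # The hashed names are written into the page itself, so they hide nothing.
    print("readable from served index:", referenced_assets(html2))
```

Because the name is derived only from the file's bytes, anyone holding the file can recompute it, and the rewritten index page hands the names out anyway, which is why they cannot serve as an access control.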