== Recommended Secure Coding Practices

To check the integrity of a remote artifact, hash verification is the most
reliable solution. It does ensure that the file has not been modified since the
fingerprint was computed.

In this case, the artifact's hash must:

* Be computed with a secure hash algorithm such as `SHA512`, `SHA384` or `SHA256`.
* Be compared with a secure hash that was *not* downloaded from the same source.


To do so, the best option is to add the hash in the code explicitly,
by following https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity#tools_for_generating_sri_hashes[Mozilla's official documentation on how to generate integrity strings].

*Note: Use this fix together with version binding on the remote file. Avoid
downloading files named "latest" or similar, so that the front-end pages do not
break when the code of the latest remote artifact changes.*