From 145547b6d8b2ab5c594e79cf7078dfe61971cf05 Mon Sep 17 00:00:00 2001 From: "Namhyeon, Go" Date: Wed, 10 Dec 2025 15:03:50 +0900 Subject: [PATCH] Update README.md (Catswords.Phantomizer) Update README.md (Catswords.Phantomizer) --- WelsonJS.Toolkit/Catswords.Phantomizer/README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/WelsonJS.Toolkit/Catswords.Phantomizer/README.md b/WelsonJS.Toolkit/Catswords.Phantomizer/README.md index 2d448bb..644d432 100644 --- a/WelsonJS.Toolkit/Catswords.Phantomizer/README.md +++ b/WelsonJS.Toolkit/Catswords.Phantomizer/README.md @@ -13,8 +13,9 @@ It allows your application to fetch and load assemblies directly from your CDN ( * Optional `.dll.gz` decompression for faster network delivery * CDN-friendly URL structure * Easy bootstrap through a small embedded loader -* Loader is implemented using **pure .NET BCL only**, ensuring stable operation without external dependencies +* Loader is implemented using **pure .NET BCL only**, ensuring stable operation without external dependencies (Both .NET Framework and .NET Core supported) * Built-in **code-signing verification** support to ensure assemblies are trusted and tamper-free +* An efficient integrity verification process based on an integrity manifest (NFT-grade immutability) --- @@ -148,6 +149,10 @@ Phantomizer can verify assemblies before loading them by downloading an integrit You can host this integrity file anywhere — **preferably separate from your main CDN**, to prevent tampering and ensure independent verification of assembly integrity. +### 🔒 Why separate Integrity URL and main CDN? + +Separating them prevents a compromised CDN bucket from serving malicious DLLs **and falsifying the integrity file**. Phantomizer can **trust the integrity manifest**, even if the main CDN is partially compromised. + ### ✔ Recommended: Filebase (IPFS-pinning, NFT-grade immutability) Filebase provides **immutable IPFS-based storage**, which is widely used in blockchain ecosystems — including **NFT metadata storage** — due to its strong guarantees of *content-addressing* and *tamper resistance*.