Timeline for Encrypting data on client side and passing it to server side
Current License: CC BY-SA 3.0
11 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 8, 2014 at 20:14 | vote | accept | HelpNeeder | ||
| Nov 3, 2014 at 2:15 | comment | added | HelpNeeder | What if instead of sending the encrypted data that can be decrypted, and use hash like SHA512 instead? That would pretty much eliminate man-in-the-middle problem? although, this would make sense only in such things like login. | |
| Nov 3, 2014 at 0:16 | comment | added | HelpNeeder | I wasn't aware, and thank you for pointing this out. But as Tim suggested using asynchronous encryption would be good-enough protection for this simple project when dealing protecting user data without having HTTPS on every page, which is costly. | |
| Nov 2, 2014 at 17:36 | comment | added | 200_success | Note that without HTTPS, any JavaScript-based encryption is still vulnerable to man-in-the-middle attacks. A rogue wireless access point or ISP could serve a trojaned jcryption.js to the client and defeat the whole thing. | |
| Nov 2, 2014 at 11:42 | comment | added | HelpNeeder | I'm thinking of using jcryption.org instead. | |
| Nov 2, 2014 at 11:41 | comment | added | HelpNeeder | Just providing basic security for small CMS. Case may be that HTTPS might not be available. If I could assure that I could use HTTPS every time, I definitely would use it. Thanks. | |
| Nov 2, 2014 at 10:19 | answer | added | tim | timeline score: 4 | |
| Nov 2, 2014 at 9:36 | comment | added | 200_success | Why not just use HTTPS? | |
| Nov 2, 2014 at 9:09 | history | edited | 200_success | edited tags | |
| Nov 2, 2014 at 9:06 | history | edited | Jamal | CC BY-SA 3.0 | Specific questions need not be in the title |
| Nov 2, 2014 at 9:00 | history | asked | HelpNeeder | CC BY-SA 3.0 |