12/29/2023

Make linked javascript file secure

Imagine that you have a web application that encrypts the user's data, such as a note or spreadsheet, on both the server and client.

The normal process for a user using this web application is something like this:

- The user logs into the application using a login/password-hash stored on the server.
- The user enters an additional secure key that is used to encrypt the client side data.
- The web application uses a client side encryption library such as SJCL.

In this example let's just focus on the client side.

The situation is this: The server has been compromised and an attacker has access to the server side keys. The attacker does not have the client side keys as they are never stored on the server. Now the attacker needs to modify the JavaScript to read the client side key when the user enters it in the web application (client side). The JavaScript would be programmed to send the key to the attacker/server.

I understand that it's assumed that once you take over the server, you've lost, but I would like to know if my thoughts below allow for a client side secure solution.

The HTML is assumed to contain some JavaScript code inside some script tags, and there is also a lot of JavaScript code loaded via external JavaScript files that reside on the server. It's the JavaScript that runs the web application that is the problem. We have to assume that the attacker has modified any JavaScript, be that inline or external.

I want to be able to generate a hash of all of the JavaScript loaded from my server. The hash will act as a fingerprint for the client side JavaScript code and the user will be wary of a new hash.

These are the two ways I have thought about so far:

- Take a hash of all files loaded to the client. This means requesting all of the files included again.
- Take a hash of all of the JavaScript code in memory.

The common problem with both options is that whatever function is actually doing this hashing, it needs to be small enough that the concerned user can verify it's safe to use within a few seconds.
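A sketch of the first option (hash every file loaded to the client), added here as an example and not part of the original post. The names `fingerprintScripts` and `naiveFingerprint` and the script list are constructed for illustration, and the code uses Node's `crypto` module so it runs offline; in a browser the list would be gathered from the page's script elements and their re-requested sources.

```javascript
const { createHash } = require("crypto");

// Feed one field into the hash with a 4-byte length prefix, so bytes cannot
// be moved between neighbouring fields without changing the result.
function absorb(hash, text) {
  const bytes = Buffer.from(text, "utf8");
  const len = Buffer.alloc(4);
  len.writeUInt32BE(bytes.length);
  hash.update(len).update(bytes);
}

// scripts: [{ src, body }] in document order; src is "" for inline scripts.
function fingerprintScripts(scripts) {
  const hash = createHash("sha256");
  for (const { src, body } of scripts) {
    absorb(hash, src);   // which file it was
    absorb(hash, body);  // what it contained
  }
  return hash.digest("hex");
}

// For comparison only: hashing the plain concatenation of the bodies.
function naiveFingerprint(scripts) {
  return createHash("sha256").update(scripts.map((s) => s.body).join("")).digest("hex");
}

// Constructed sample: one inline script and two external files.
const baseline = [
  { src: "", body: "var app = {};" },
  { src: "/js/sjcl.js", body: "/* library source */" },
  { src: "/js/app.js", body: "app.encrypt = function (key, note) { /* ... */ };" },
];
// Same page with a single changed byte sequence in one external file.
const modified = baseline.map((s) =>
  s.src === "/js/app.js" ? { ...s, body: s.body + "\n/* changed */" } : s
);
// Two different script sets whose bodies concatenate to the same string.
const splitA = [{ src: "", body: "ab" }, { src: "", body: "c" }];
const splitB = [{ src: "", body: "a" }, { src: "", body: "bc" }];

console.log("baseline:", fingerprintScripts(baseline));
console.log("modified:", fingerprintScripts(modified));
console.log("naive collision:", naiveFingerprint(splitA) === naiveFingerprint(splitB));
console.log("prefixed collision:", fingerprintScripts(splitA) === fingerprintScripts(splitB));
```

The fingerprint only helps if the hashing code itself is trusted, which is the constraint the question ends on: this function is delivered by the same server as the scripts it measures.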