Re: public / private key client side encoding — PHP Language

You are here: Re: public / private key client side encoding « PHP Language « IT news, forums, messages

Posted by C. on 10/12/07 10:26

On 10 Oct, 19:16, Anze <anzen...@volja.net> wrote:
> The problems I see are:
> - where would the client key reside? I guess in a cookie, but it should be
> installed there and kept permanent...
> - the administrator could have access to PHP pages too so he could alter
> them and get the key through XSS attack
>

If you can't answer these you don't have a consistent security model.
Combine that with a complex security architecture and you've spent a
lot of time and effort developing something which is not fit for
purpose.

Anything decrypted on the server is susceptible to detection by
someone controlling the server. Any data sent to / from the server is
susceptible to detection.

C.

Navigation:

Next in forum: Re: 'require_once' or 'include' security question
Prev in forum: Re: 'require_once' or 'include' security question
Thread view: Re: public / private key client side encoding

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация