Re: public / private key client side encoding

Posted by David McKenzie on 10/16/07 01:27

C. wrote:
> On 10 Oct, 19:16, Anze <anzen...@volja.net> wrote:
>> The problems I see are:
>> - where would the client key reside? I guess in a cookie, but it should be
>> installed there and kept permanent...
>> - the administrator could have access to PHP pages too so he could alter
>> them and get the key through XSS attack
>>
>
> If you can't answer these you don't have a consistent security model.
> Combine that with a complex security architecture and you've spent a
> lot of time and effort developing something which is not fit for
> purpose.
>
> Anything decrypted on the server is susceptible to detection by
> someone controlling the server. Any data sent to / from the server is
> susceptible to detection.
>
> C.
>
And anything decrypted on an end-user's machine is usually open to the
public.

--
DM davidm@cia.com.au

'It would go against respecting principles and truth if you have to
respect and accept anything just because it is the other side's view.'
- Kim Jung Ill

 
