Reply to Re: public / private key client side encoding — PHP Language

Posted by C. on 10/12/07 10:26

On 10 Oct, 19:16, Anze <anzen...@volja.net> wrote:
> The problems I see are:
> - where would the client key reside? I guess in a cookie, but it should be
> installed there and kept permanent...
> - the administrator could have access to PHP pages too so he could alter
> them and get the key through XSS attack
>

If you can't answer these you don't have a consistent security model.
Combine that with a complex security architecture and you've spent a
lot of time and effort developing something which is not fit for
purpose.

Anything decrypted on the server is susceptible to detection by
someone controlling the server. Any data sent to / from the server is
susceptible to detection.

C.

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация