Collaborate Disseminate
I have spent the better part of 2 weeks looking at a solution to secure my game. It’s a game for Android/iOS that has its own server/database.
So far, the only security I have is salt+hash passwords. But anyone can call my … Continue reading Can storing a secret in the client be considered "good enough" security?
I’m creating an web-application that has a simple javascript game in it. Once the player finished playing the game the high-score is sent to the server and saved.
After a specific period the player with the best score receiv… Continue reading Sending a client-side high-score to a server securely
I’ve been working for some time on a pet project of mine: a note-taking application similar to Evernote with the difference that all content is client-side encrypted. I would like to get some feedback on some architectural de… Continue reading Key Management and Authentication in Note Taking App with Client-Side Encryption
I’m building a frontend/backend separated system where the user 2FA auths in and gets a JWT back to the client side.
I’m using angular and for now I just store that token in $window.sessionStorage and include it in the heade… Continue reading Best practice for storing auth token client side
I’m building a frontend/backend separated system where the user 2FA auths in and gets a JWT back to the client side.
I’m using angular and for now I just store that token in $window.sessionStorage and include it in the heade… Continue reading Best practice for storing auth token client side
I have a debate about how to properly log errors for the client part (Java Swing) of a client-server application from a security point of view.
I think it is common sense that exposing error details like exceptions and stacktraces to ‘unt… Continue reading Logging error details in a (desktop) client application
I am currently running my website in shared hosting, and I am not able to register TLS/SSL for my website. However, I implemented jsencrypt [A Javascript library to perform OpenSSL RSA Encryption, Decryption, and Key Generation] to encrypt… Continue reading No SSL: Web Application Security using html fragment identifier (#)
Imagine that you have a web application that encrypts the user’s data, such as a note or spreadsheet, on both the server and client.
The normal process for a user using this web application is something like this:
The user… Continue reading How To Prove That Client Side Javascript Is Secure?
I am a web developer, and have been trying to learn a bit about security, and the thing that seems to be the biggest principal is just to trust the client with as little as possible. Is this a correct idea? What situations wo… Continue reading Don’t trust the client?
Background
I’m trying to design a secure and sustainable web app for messaging.
The purpose is to learn how to create secure web application.
The application is suppose to be written in Javascript for web based clients and PHP for server… Continue reading Asymmetric / end to end encryption for web messaging app