I'm developing a web project using JavaScript with AJAX requests to WebServices and I'm interested in encrypting the information.
How secure is to encrypt from the client side? Remember that I'm not using a server side language.
I'm developing a web project using JavaScript with AJAX requests to WebServices and I'm interested in encrypting the information.
How secure is to encrypt from the client side? Remember that I'm not using a server side language.
Share Improve this question asked Sep 8, 2011 at 15:48 Diogo CardosoDiogo Cardoso 22.3k26 gold badges102 silver badges138 bronze badges 5- 2 If you encrypt something on the client side it makes sense that everyone can see that information as is, doesn't it? – yoda Commented Sep 8, 2011 at 15:50
- What are you trying to acplish? – Chris Pietschmann Commented Sep 8, 2011 at 15:50
- Do you mean ensuring the data is secure during transmission to the service? If so why not use https? – Alex K. Commented Sep 8, 2011 at 15:51
- I'm using https connection but besides that I'm interested in encrypt data before sending it to the WebService. – Diogo Cardoso Commented Sep 8, 2011 at 15:55
- This might be relevant, or at least interesting: github./GPGTools/Mobile/wiki/Introduction – brandeded Commented Mar 4, 2013 at 17:56
3 Answers
Reset to default 5There was a huge discussion on hackernews about this last week, inspired by this article on matasano..
Basically, secure javascript does not exist. The only way is to have everything be over HTTPS, because if you don't, you expose your user to certain flaws.
But once you have HTTPS, extra encryption via javascript is pointless: everything already is secure.
Couldn't you just have your connections be https instead of http?
Not very secure. There are little tricks here and there that you can do to make it a bit more difficult to breach the security but in the end if you give both the key and lock away to the public then you're not really secure.