客户端加密和解密与服务器集成,如何? [英] encryption and decryption on client side with server integration, how?
问题描述
我们的要求是将客户端的一些数据作为本地存储的一部分保留,因为我们还需要脱机访问我们的应用程序,但是我们希望其中一些文件应该由于某些原因而加密,但是加密和解密不应该完全在客户端,因为它也可以为客户端访问(安全威胁),如果它将依赖于服务器端而不是离线访问的问题。
简而言之,我想要一个可以离线访问的应用程序。使用一些加密文件(存储在客户端)并且加密方法(以及文件)也必须真正安全。
i对此没有任何了解如何克服这个问题(我也不太了解加密和解密及其算法)。任何有关如何解决这个问题的建议??
Our requirements is to persist some of the data on the client side as the part of local storage as we have a need to access our application offline also, but we want that some of those file should be encrypted for some reasons but that encryption and decryption should not be completely on client side as it will be than accessible for clients too (security threat) and if it will be dependent on server side than it will be problem for offline access .
in a nutshell i want an application that will be accessible offline too. with some encrypted file (stored on client side) and that encryption method (as well as the files) must also be really secured.
i don't have any idea about how to overcome this problem (i also don't have much idea about encryption and decryption and its algorithms). any suggestion that how this problem can be solved ??
推荐答案
首先,每条路都有两端,你不能同时经历这两个问题,你做过吗?得到它?好吧,离线本身意味着忘记服务器,因为你无法访问它,因此在这种情况下不能进行加密。您无法执行任何服务器活动。
其次,您可以使用Viewstate在客户端存储数据。默认情况下,这将是base64编码字符串的形式。您可以随时检索它。请记住,没有加密安全。
First of all,every road has two ends,you can not go through both at one time,did you get it?Well,offline itself means that forget about server as you don't have access to it,so encryption can't take place in this case. You can not perform any server activities.
Secondly,you can store data using Viewstate at client. That will be in form ofbase64encoded string by default. You can retrieve it whenever you want. Remember,no encryption is secured.
您可以使用下面提到的jquery插件之一来完成您的工作。
< b>如果您需要单向加密,请使用MD 5插件。
使用jQuery进行MD5加密
这支持两种方式(即加密和解密):
RC4对称加密/解密
更新
You can use one of the below mentioned jquery plugin to do your work.
If you need one way encryption,use MD 5 plugin.
MD5 Encryption using jQuery
This supports both ways (i.e. encryption and decryption):
RC4 Symmetric Encryption/Decryption
UPDATE
关于本地存储和安全的最终想法
不要将本地存储用于会话标识符。坚持使用cookies并使用HTTPOnly和Secure标志。
如果cookie由于某种原因不起作用,那么使用会话存储,当用户关闭时,会话存储将被清除浏览器窗口。
小心将敏感数据存储在本地存储中。就像任何其他客户端存储选项一样,用户可以查看和修改此数据。
Final Thoughts on Local Storage and Security
Don't use local storage for session identifiers. Stick with cookies and use the HTTPOnly and Secure flags.
If cookies won't work for some reason, then use session storage which will be cleared when the user closes the browser window.
Be cautious with storing sensitive data in local storage. Just like any other client side storage options this data can be viewed and modified by the user.
这篇关于客户端加密和解密与服务器集成,如何?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
