Hello everyone. I am thinking of using openpgp as an authentication mechanism form my site and more. Send a random number to the client, the sessionId, which he then has to sign and send back.
I was also worried that if someone could attack my server, he could send arbitrary js code to the client and thus all clients would be compromised. So I decided to create a nodejs app that users would have to install locally that would provide them those js scripts. They would only have to contact the server for content. So now I am worried about someone injecting js code into the content. If I wrote a parser that removed script tags, I suppose this would be secure, right? The apps goal is to let users issue new currencies, that is why is security is very important.
_______________________________________________ http://openpgpjs.org Subscribe/unsubscribe: http://list.openpgpjs.org
