Thanks Daniel,
Is there any MD5 encryption on client-side data for this
type of hacking?
Pushpendra
On 2 January 2014 13:15, Daniel Tabuenca dtabu...@gmail.com wrote:
Using HTTPS for serving scripts can help prevent man-in-the-middle
attacks, and provide assurance that the
I'm not sure how MD5 would prevent the kind of attack he is proposing
though. If the hacker has access to script source and can poison caches
they would presumably be able to edit the invocation of any MD5 hash
encoding and otherwise do anything else the application is normally allowed
to do.
Hi Daniel,
It enables you to calculate an md5 hash for your script, and compare that
with the server. that way, you know pretty sure your script is not altered.
If you demand the checksum on the server, before giving out any data, you
can be fairly sure that the scripts are not altered.
But this calculation is client-side. If the attacker has full access to
client-side scripts, they can easily ajax in the server-script, run an md5
on it and return that (while what's actually executing on the browser is
the compromised script).
On Thursday, January 2, 2014 9:33:06 AM UTC-8,
If he has indeed full access, there is nothing that can be done except
vigilant server-side security. However, that's hard as the client is
completely compromised, and the attacker has all the 'keys'.
Real security is very hard to reach on client-server systems. Even on
non-web applications
Yeah, just want to make sure the original poster understands that MD5 will
not solve the particular scenario he presented. SSL would go further, but
still he should still be fully validating any request on the server.
--
You received this message because you are subscribed to the Google
Using HTTPS for serving scripts can help prevent man-in-the-middle
attacks, and provide assurance that the script that is being executed came
from the server specified in the SSL certificate.
Angular js is no different than any other client-side technology, however,
and the browser should