On Wed, Jul 16, 2014 at 4:11 PM, <[email protected]> wrote: > Hi, > > I don't want to ruin your day, but why would you want client side > encryption in javascript? How could the user be sure that the script is > working as advertised? I doesn't see a way to guarantee that without > trusting the server where the javascript file is coming from. But in > that case you can also just upload the unencrypted file over a secure > (ssl) connection. >
I guess the use case is obvious. As a client, you can't actually trust it if the encryption is done on server side. If your server is in a VPS in a server farm, then it also means you can't trust the hosting provider neither. Whoever has access to the server can theoretically decrypt your files. If you do it on the client side, then it becomes really trusted, but it can also become complicated when it comes to things like sharing, differential updates, etc.
_______________________________________________ User mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/user
