[Owncloud] Re: GSOC brainstorming.
Riccardo Iaconelli
riccardo at kde.org
Thu Jan 27 19:29:25 UTC 2011
On Thursday 27 January 2011 23:52:11 Hasanat Kazmi wrote:
> One way of securing the content is to zip it with password on fly.
> Thats easily doable using built-in php modules. Moreover, every OS
> nowadays has build in zipping & unzipping support.
Uhm... what about SSL?
> But still the content of folders will be apparent to tracker server,
> though it can't see whats inside the files. This can also be fixed by
> using client-side JavaScript encryption.
> About Client side JavaScript encryption:
> You get folder list in encrypted from. Now the user enters password on
> the webpage and it decrypts it on the fly (using js, without
> communication with server). (It won't be slow because encrypted
> content is very small)
What password would this be? Javascript passwords would be quite easy to
intercept... no?
> User can always have a glimpse on source of
> webpage to ensure that it not tempered by tracker. Even if tracker is
> somehow saving my decrypting password, it still can't look inside the
> content.
I like the idea, I'm just trying to make it bulletproof. :)
Bye,
-Riccardo
More information about the Owncloud
mailing list