Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Super Secure https requests


  • Please log in to reply
No replies to this topic

#1 r3spect

r3spect

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 28 December 2016 - 06:31 AM

Hi @all,

 

i want to implement a super secure web interface..

the death of SQL-Injection..

my server accept only crypted urls,no valid encryption no answer...

 

For security URLS and high secure URL Requests for smartphone or other have simple idea

and some scripts which do this

 

on any smartphone app is default pgp public key,

 

every request url is crypted by this "default" public key 4094Bit 

param is content in url.many Werbserver can up to 50000 character at param,

with no problems content of a few params and settings are less than 2000 chars.

enough....

 

okay

send this like so

 

https://mywebserver.com/enc.php?contentofcryptedpgpfile

 

---

serverside :

 

grab the param,decrypt with private key > send to backend.

 

it works perfect...fast

 

step 2:

after that create her own keypair server side ,and give the result after signON,

encrypt as following 

 

https://webserver.com/enc.php?contentofcryptedpgpfile&usercrypt=contentOfMyOwnCryptedkeyfile

 

now the plaintext in contentofcryptedpgpfile is the key that ask the DB for the private key of my userparam

 

so the server read the private key for the 2nd.param and can decrypted too.

do anything with plaintext params ... 

 

all works perfect with this 2 params.Have implement this in my app

 

any suggestions or security problems ???

 

thanks

 



BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users