i want to implement a super secure web interface..
the death of SQL-Injection..
my server accept only crypted urls,no valid encryption no answer...
For security URLS and high secure URL Requests for smartphone or other have simple idea
and some scripts which do this
on any smartphone app is default pgp public key,
every request url is crypted by this "default" public key 4094Bit
param is content in url.many Werbserver can up to 50000 character at param,
with no problems content of a few params and settings are less than 2000 chars.
send this like so
grab the param,decrypt with private key > send to backend.
it works perfect...fast
after that create her own keypair server side ,and give the result after signON,
encrypt as following
now the plaintext in contentofcryptedpgpfile is the key that ask the DB for the private key of my userparam
so the server read the private key for the 2nd.param and can decrypted too.
do anything with plaintext params ...
all works perfect with this 2 params.Have implement this in my app
any suggestions or security problems ???