/**this might be a stupid question***?
I have been tinkering with encrypting/decrypting and encoding/decoding data from a Livecode Desktop Application to Livecode Server. Great. I have a good grasp on the basics, and can successfully encrypt passwords, encrypt data with those passwords, and then decrypt everything on the server, do stuff with that data, and return data from a database on the same server.
My question: should the return data also be encrypted? and then decrypted on my application, or is this not necessary?
I have an ssl cert on my server, and use https:// in the address I am sending to, but I don't have enough grasp on the concept to know if the data I am getting back from my server is in danger of being intercepted by men wearing black clothes and smoking cigarettes.
Return Data from Livecode Server
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller
-
- Livecode Opensource Backer
- Posts: 366
- Joined: Tue Apr 10, 2012 9:18 am
-
- VIP Livecode Opensource Backer
- Posts: 7258
- Joined: Sat Apr 08, 2006 8:31 pm
- Location: Minneapolis MN
- Contact:
Re: Return Data from Livecode Server
The men in black clothes can intercept the data in either direction, so I'd say encryption would depend on how secure you need it to be. If it's sensitive, then encrypt it.
Jacqueline Landman Gay | jacque at hyperactivesw dot com
HyperActive Software | http://www.hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
-
- Livecode Opensource Backer
- Posts: 366
- Joined: Tue Apr 10, 2012 9:18 am
Re: Return Data from Livecode Server
Thanks. That helps.The men in black clothes can intercept the data in either direction, so I'd say encryption would depend on how secure you need it to be. If it's sensitive, then encrypt it.
The encryption to the server (and subsequent filtering I have set up) helps prevent people from sending random queries to my server, guards against SQL injections, etc., and protects the data being sent
If the return data is not sensitive information, then the men in black can have all the information about pet sizes, excersise routines, or whatever the application is for.
If the return data is client information, credit card receipt, then I should encrypt the return data. I suppose I should use a seperate set of rsa keys for return data.