Security question on hiding data from possible snooping apps
-
Hello, Sorry if this is a completely lame question, but is there a approach that allows info to be securely sent server->client->server such that only the client application, and no other application on the client's side, can intercept it? This would be useful in situations where the client application only wants certain parts of the incomming data to be available to the client's user, and can not assume the client is not peeking (monitoring incoming traffic). Thanks, KnaveWave Oi! Oi! Oi!
-
Hello, Sorry if this is a completely lame question, but is there a approach that allows info to be securely sent server->client->server such that only the client application, and no other application on the client's side, can intercept it? This would be useful in situations where the client application only wants certain parts of the incomming data to be available to the client's user, and can not assume the client is not peeking (monitoring incoming traffic). Thanks, KnaveWave Oi! Oi! Oi!
-
Hello, Sorry if this is a completely lame question, but is there a approach that allows info to be securely sent server->client->server such that only the client application, and no other application on the client's side, can intercept it? This would be useful in situations where the client application only wants certain parts of the incomming data to be available to the client's user, and can not assume the client is not peeking (monitoring incoming traffic). Thanks, KnaveWave Oi! Oi! Oi!
-
You don't HAVE to keep the key in a readable state in the client. You can do a simple encryption of the key within the client. (XOR, bit shift or some other way). Then decrypt the key whenever you need it. When there is no need for the key, overwrite the used key buffer with random characters, and delete it. That way, the key will exist in plain text for a very short amount of time. Just a thought, maybe you can decode the key witin a CriticalSection block? Will a CriticalSection stop other apps from executing? I'm not sure.
-
Hello, Sorry if this is a completely lame question, but is there a approach that allows info to be securely sent server->client->server such that only the client application, and no other application on the client's side, can intercept it? This would be useful in situations where the client application only wants certain parts of the incomming data to be available to the client's user, and can not assume the client is not peeking (monitoring incoming traffic). Thanks, KnaveWave Oi! Oi! Oi!