Reply to thread

Message: <blockquote data-quote="jdchathuranga" data-source="post: 29102646" data-attributes="member: 198330">Machan,Why are you doing this,  Encrypt means, those data can only be accessible by the people who has access to the keyGiven that,If the secret key is in the browser(in the angular js app in a plan text form), anyone who has access to the angular app can access the secret. You are not getting any additional advantage at the browser levelAssume that you have SSL between angular app and the server, your secret key transfer to the backend is already secured by SSL, you are not getting any additional advantage by doing encryption at the js app level.By having encrypted data in the db is an advantage, people who has access to the db can't access data. if that what you need, you can simply send the secret to the backend, and in the backend you can encrypt that secret key and insert in to the db and decrypt when you want to read that data. if you are doing this, you have another problem, how do you manage your encryption key. that hast to be stored somewhere. If you want to implement this properly, you can try to use some key vault to store the key. then again if someone has access to the db and key vault both, he can access data. If you are encrypting at the browser level, your problem gets more complicated, you have to have a secure way to send the keys to js app etc. this case key has to be in plain text, then you are back to the original problem. secret is encrypted, but key is in the plain text form in the browser.</blockquote>

Verification: Haya warak paha keeyada? (haya wadi kireema paha)

Top Bottom