Ew. I think this project is harmful because it offers a false sense of security. How is the client-side encryption javascript sent to the browser in the first place? If it's not already sent over SSL, it can be intercepted and modified by attackers to send a copy of the cleartext to the attacker, for example.
The reason why SSL is secure is because it's already baked into the browser and attackers can't tamper with that machinery. This project removes that. On Saturday, April 28, 2012 2:32:56 AM UTC-6, shawn wilson wrote: > > Anyone seen this? > http://assl.sullof.com/assl/ > > Is there any work to get this working with node? Any interest? > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to nodejs@googlegroups.com To unsubscribe from this group, send email to nodejs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
