Website security

Out of context: Reply #18

  • 18 Responses
  • SteveJobs0

    AES uses a symmetric key. i use this for basic encryption of server requests containing sensitive data. however, the same key exists on both the client and server, so if it's compromised on either end, you'll need to be able to change it.

    if it can meet your needs, RSA provides better encryption since it uses a public and private key. you give the public key to the client. this key cannot generate the encrypted message from the server, so you don't need to worry about anyone getting their hands on it. this is the popular encryption technique used for SSL certificates.

    anyway, what you really need to find out from your client is WHAT they are wanting to encrypt and make sure they understand how the process works. generally, when someone talks about website security, they are talking about sql injection and cross-site scripting, not AES.
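
Added example, not part of the original post: the key-handling difference the reply describes, shown with Node's built-in `crypto` module. The function names and the sample message are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Symmetric (AES-256-GCM): one 32-byte key both encrypts and decrypts,
// so every party that can send a message can also read all of them.
function aesEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function aesDecrypt(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag); // final() throws if key or ciphertext is wrong
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Asymmetric (RSA-OAEP): the public key encrypts, only the private key decrypts.
// RSA handles short inputs only (about 190 bytes at 2048 bits with SHA-256).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function rsaEncrypt(publicKey, plaintext) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(plaintext, 'utf8'));
}

function rsaDecrypt(privateKey, ciphertext) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}

// True if the holder of `key` can recover the plaintext from `ciphertext`.
function canDecryptWith(key, ciphertext) {
  try { rsaDecrypt(key, ciphertext); return true; } catch { return false; }
}

function demo() {
  const msg = 'account=12345 (constructed sample)';
  const sharedKey = crypto.randomBytes(32); // has to live on client AND server
  const aesRoundTrip = aesDecrypt(sharedKey, aesEncrypt(sharedKey, msg)) === msg;

  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ct = rsaEncrypt(publicKey, msg); // the client needs only the public key
  return {
    aesRoundTrip,                                      // true
    serverReads: rsaDecrypt(privateKey, ct) === msg,   // true
    publicKeyReads: canDecryptWith(publicKey, ct),     // false
  };
}
```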
