Alexis Métaireau
Alexis Métaireau
Hi, It's possible that the serialization on the client side didn't work properly, but it's hard to tell without more information. In order to have a proper look, we would...
Another way would be to do symmetric encryption using a key known by user A and user B, and would let the possibility for both of them to decrypt the...
You can pass it in the url hash, which isn't sent to the server
No, I'm referring to the hash part, eg https://server/url/#secret Here I believe 'secret' is not sent to the server
So what would be a better way? Would it be possible to derive the keys from the hash rather than relying on local storage?
So if we have a way to trust the code that's running on the client, then we should be safe. This remembers me of https://blog.notmyidea.org/web-distribution-signing.html but I believe it's orthogonal...
> The fundamental question is: if users don't trust the people operating the database, why would they trust the same people to keep the javascript safe? That's exactly why we...
Also, the design described earlier in this thread prevents the administrators from knowing what's inside the database as they don't have the keys. So, for instance, they cannot give data...
We could have an administrator-editable template, per bucket, that's sent to form creators when a new answer is submitted. It could be something generic enough that it is part of...
I believe this adds a lot of value to the project because it engages the users easily.