by mahmud
5997 days ago
You're not overthinking it; the web has trained people to trust it with their credit cards, while your application has to establish itself anew. The best thing you can do is mimic the visual cues of browser security and put a big fat golden lock somewhere on the screen, and show other cues of encryption in use (say, show a certificate verification dialog). Of course, use OpenSSL! This goes without saying. Don't fake security if you're sending sensitive stuff in plain text. Just to be sure your users don't have a keylogger (especially on Win32), provide an on-screen keyboard/keypad and accept input only through that, or encourage it over the actual keyboard. The more security hoops people jump through, the better they like it; at least I do.