Hacker News
by SamReidHughes 5854 days ago
Do you actually have an attack in mind based on the fact that it's implemented in the browser?

You, the owner of the server, change the code. That's the attack. There's no way for me to tell my friend Charlie that he can use the service and get secure communication, unless he installs a plugin for his browser to verify that the server has not changed the data it sends the user from the time when I verified the correctness of the code. And if he has to install a plugin to safely use this service, which is now never permitted to change its code, he might as well just install a plugin that has the code, or install a separate application for this purpose.
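The kind of check such a verifying plugin would have to perform, as an added example that is not part of the original comment: digests of the reviewed files are pinned, and everything the server sends later is compared against them. The function names, paths and file contents are constructed for illustration.

```javascript
// Added illustration (Node.js). All names and sample assets are constructed.
const { createHash } = require("node:crypto");

const sha256Hex = (body) => createHash("sha256").update(body).digest("hex");
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Record a digest for every file at the moment the code was reviewed.
function pinAssets(assets) {
  const pins = {};
  for (const [path, body] of Object.entries(assets)) pins[path] = sha256Hex(body);
  return pins;
}

// Compare what the server sends now against the pinned digests.
// Returns an empty list only if the served set is exactly the reviewed set.
function verifyAssets(pins, served) {
  const problems = [];
  for (const [path, body] of Object.entries(served)) {
    if (!has(pins, path)) problems.push({ path, reason: "unpinned" });
    else if (sha256Hex(body) !== pins[path]) problems.push({ path, reason: "changed" });
  }
  for (const path of Object.keys(pins)) {
    if (!has(served, path)) problems.push({ path, reason: "missing" });
  }
  return problems;
}

// Constructed sample: the files as reviewed...
const REVIEWED = {
  "/index.html": "<script src=\"/crypto.js\"></script>",
  "/crypto.js": "function encrypt(msg, key) { /* reviewed version */ }",
};
// ...and what the same server returns on a later visit.
const SERVED_LATER = {
  "/index.html": "<script src=\"/crypto.js\"></script>",
  "/crypto.js": "function encrypt(msg, key) { /* edited after review */ }",
  "/extra.js": "/* script that was not part of the review */",
};

function demo() {
  return verifyAssets(pinAssets(REVIEWED), SERVED_LATER);
}

console.log(demo());
```

A legitimate update by the operator is reported as "changed" in exactly the same way, so the pinned code can only change after a fresh review.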