by nibdo
1240 days ago
This is a different issue than the data transmitted. For example, you have an email web app with E2E encryption. With client-side E2E encryption you don't need to trust the server with your data, but you definitely have to trust the client. But here comes the problem, because the client is distributed from a server you don't want to trust and each page refresh can download new code from the server. You need to somehow check that the client has not been made malicious by an attacker or whoever. With code signing you can do two things:
- check if the code was signed by the developer and block downloading new source if not
- or even more (advanced), verify that the signed build you are downloading is actually the build that is published somewhere and can be audited.
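
The two checks listed in the comment above, as an added example that is not part of the original comment or of any project's code. It assumes Ed25519 signatures, a pinned developer public key, and a set of SHA-256 digests standing in for wherever auditable builds are published; `verifyClientBundle` and all keys and bundles are constructed for illustration.

```javascript
// Added example with constructed keys and bundles; not from the original thread.
const nodeCrypto = require('node:crypto');

const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');

// Check 1: the bundle carries a valid signature from the pinned developer key.
// Check 2: its digest matches a build that was published for audit.
function verifyClientBundle(bundle, signature, developerPublicKey, publishedDigests) {
  if (!nodeCrypto.verify(null, bundle, developerPublicKey, signature)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const digest = sha256(bundle);
  if (!publishedDigests.has(digest)) {
    return { ok: false, reason: 'unpublished-build', digest };
  }
  return { ok: true, digest };
}

// --- constructed demo data (hypothetical keys and bundle contents) ---
const developer = nodeCrypto.generateKeyPairSync('ed25519');
const otherParty = nodeCrypto.generateKeyPairSync('ed25519');
const sign = (buf, keyPair) => nodeCrypto.sign(null, buf, keyPair.privateKey);

const release = Buffer.from('/* mail client 1.4.2 */ encryptThenSend(msg, recipientKey);');
const modified = Buffer.from('/* mail client 1.4.2 */ sendWithoutEncrypting(msg);');

function demo() {
  // Only the audited release appears in the published list.
  const published = new Set([sha256(release)]);
  const pinned = developer.publicKey;
  return {
    // Audited release with the developer's signature: accepted.
    genuine: verifyClientBundle(release, sign(release, developer), pinned, published),
    // Server swaps the code but replays the old signature: check 1 fails.
    swappedCode: verifyClientBundle(modified, sign(release, developer), pinned, published),
    // Code signed by a key other than the pinned one: check 1 fails.
    wrongSigner: verifyClientBundle(modified, sign(modified, otherParty), pinned, published),
    // Validly signed, but never published for audit: only check 2 catches it.
    signedButUnpublished: verifyClientBundle(modified, sign(modified, developer), pinned, published),
  };
}

console.log(demo());
```

The last case is why the second check is the stronger one: a signature alone says who built the code, not that anyone else had the chance to inspect that build.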