by circafuturum 811 days ago
I'm working on a tool for sharing things like API keys using encryption APIs built into the browsers, https://www.oncer.io.

What I'm working on at the moment, and am sort of stuck on, is how to make a web app doing in-browser encryption secure - since the server delivers the code that does the encryption in the browser, users sort of have to trust the server anyway to deliver that code. I would like to at least somehow, maybe through a browser extension, assure the user that the version of the web app running in the browser is at least the same as the build output for a given release in the repo on GitLab/GitHub/the like maybe... then it's sort of like 2FA in the reverse direction, 2 sources (https server connection + extension doing code check) confirm that the real web app has been delivered to the browser.

Appreciate any thoughts on this head scratcher! Maybe there's some way to assure the web app code integrity I just don't know about! :)
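
The check described in the post above, sketched as an added example that is not part of the original post or the oncer.io code: hash every delivered asset with the Web Crypto API and compare it against a manifest built from the release's build output. The function names, manifest shape and sample files are assumptions; the check only means something if it runs outside the page (for example in an extension) and the manifest comes from a source other than the web server.

```javascript
// Added example; buildManifest / verifyDelivered and the manifest shape are hypothetical.
const subtle = globalThis.crypto
  ? globalThis.crypto.subtle
  : require('node:crypto').webcrypto.subtle; // fallback for older Node

// SRI-style digest ("sha256-<base64>") of a string or Uint8Array.
async function sriDigest(content) {
  const bytes = typeof content === 'string' ? new TextEncoder().encode(content) : content;
  const hash = new Uint8Array(await subtle.digest('SHA-256', bytes));
  let bin = '';
  for (const b of hash) bin += String.fromCharCode(b);
  return 'sha256-' + btoa(bin);
}

// Expected manifest, computed from the release build output: { path: content }.
async function buildManifest(files) {
  const manifest = {};
  for (const [path, content] of Object.entries(files)) {
    manifest[path] = await sriDigest(content);
  }
  return manifest;
}

// Compare what the server delivered with the release manifest.
async function verifyDelivered(manifest, delivered) {
  const report = { ok: false, mismatched: [], unexpected: [], missing: [] };
  for (const [path, content] of Object.entries(delivered)) {
    if (!Object.hasOwn(manifest, path)) report.unexpected.push(path);
    else if ((await sriDigest(content)) !== manifest[path]) report.mismatched.push(path);
  }
  for (const path of Object.keys(manifest)) {
    if (!Object.hasOwn(delivered, path)) report.missing.push(path);
  }
  report.ok = !report.mismatched.length && !report.unexpected.length && !report.missing.length;
  return report;
}

// Constructed sample data: a release build and a delivery that differs from it.
const RELEASE = { '/app.js': 'encrypt(secret, key);', '/index.html': '<script src="/app.js"></script>' };
const TAMPERED = { ...RELEASE, '/app.js': 'encrypt(secret, key); /* modified */', '/extra.js': 'x' };

async function demo() {
  const manifest = await buildManifest(RELEASE);
  return {
    clean: await verifyDelivered(manifest, RELEASE),
    tampered: await verifyDelivered(manifest, TAMPERED),
  };
}
```

Any script the page loads that is not in the manifest is reported as unexpected, which matters as much as a hash mismatch on a known file.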

1 comment

> What I'm working on at the moment, and am sort of stuck on, is how to make a web app doing in-browser encryption secure

You can't. End of story. Thankfully, most people don't care and will happily use it anyway.