|
|
|
|
|
|
by mikeash
4387 days ago
|
|
|
Server-side crypto protects you from someone just hacking your server and downloading the data too. Serving from a smaller and more protected server is interesting, but you'd have to serve at least the HTML as well as every piece of JavaScript (not just the crypto) which doesn't leave too much room for other stuff. And why not just do the crypto server-side on that smaller, more protected server then? |
|
|
You are right.
> which doesn't leave too much room for other stuff.
Well... HTML and JS can be light and static. Backend stuff is what might require multiple servers, databases and lots of people involved.
> And why not just do the crypto server-side on that smaller, more protected server then?
Because you'd have to pass all of the data that you wan't to secure through it. Besides server-side crypto is surely more complicated and would need more people involved especialy with large volume of data than just serving static files.