I’m creating a site for distributing software to clients. We’re implementing lots of security bells and whistles on it to reasure the clients that software they’re running wont have been tampered with.
I’m toying with the idea of encrypting the files we upload to the server, but I’m not sure if there’s much point conisdering the overhead it entails. The files are decrypted anyway when being transmitted to the client. As well as this, if a hacker gets into the server and replaces the encrypted files, they can also change any hashes we made of the files to check they havnt been manipulated.
So… is it worth encrypting the uploaded files?
I’m creating a site for distributing software to clients. We’re implementing lots of security
Share
Oh security.
How can the client be sure they’re talking to the correct server.
How can the server be sure they’re talking to a legal client.
How can the user be sure they’re not using a compromised client etc.
Is the server in your custody or is it a shared server. How volatile is the data and is datatheft an acceptable risk or not.
Please expand your current situation. Do you use encrypted communcation. Is the communcation over internal or external lines. Do you thrust the server support team.