Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there any way to prevent or detect a man-in-the-middle attack over plain HTTP?
I want to run a javascript applet on a client machine with confidence that the code wasn’t modified. Are there any clever tricks to sign the code or deliver it safely without going the usual route of HTTPS and a certificate?
No, not really. By the time you make it secure, you’ll have had to reinvent at least 90% of HTTPS (or something very similar, anyway) — but probably have done an inferior job of it. No insult intended, but very few people are capable of designing something like this adequately. The usual is for a specialist (or a few of them) to design it as well as they can, and still plan on having to fix at least a few problems over the next few years as more cryptanalysts look at it. Chances of a non-specialist getting it right the first time are right up there with those of winning a major lottery and being hit by lightning at exactly the same moment.