我和我办公室的其他开发人员在这种情况下遇到了:
我们是一家需要向客户发送文件的保险公司。
但我们需要两件事:
从客户的角度来看:
对于2)我认为我应该使用md5并将其发送给用户,但这也需要它的真实性。。。所以我陷入了死胡同。
最好的方法是什么?
p.s. We don t want to open a virtual drive on our site - and let each costumer a username and Password.
这正是公钥加密(又称非对称加密)的初衷。
您有一个公钥和一个私钥。你把公钥发给任何你需要发送文件的人。没有必要保护它,你可以把它发布在你的网站上。任何使用您的私钥(这是秘密的)加密的东西都只能使用公钥解密。
因此,如果你的客户可以使用你的公钥来解密文件,这就证明它来自你,因为你是唯一拥有私钥的人。
看起来您需要非常好的隐私
如果您谈论的是电子邮件,请查看使用S/MIME。您使用由CA颁发的证书(很像SSL),它既证明您的组织发送了电子邮件,也证明其内容没有被更改。
包括Outlook在内的许多电子邮件客户端都内置了S/MIME验证支持。
你需要以某种方式对文件进行加密签名,客户需要有一种方法来验证这些签名。有很多方法:
要做到这一点,你必须考虑你试图保护什么,以及保护它对你和客户来说有什么价值。当文件存储在用户计算机上时,这是文件的真实性吗?您想避免客户篡改文件吗?是否要避免有人在文件到达用户之前对其进行篡改?
如果要共享的数据是文本文档,Adobe支持签名的pdf文件。这可能值得研究。
For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...
I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...
Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...
Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...
I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...
I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...
Three SHA512Managed related questions: Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security? What Salt size should be used with SHA512Managed? The application is for ...
[Update] - I attach also full config files, for service, and for client (outside of here, not to flood the topic) I m having situation pretty much identical to the one outlined in this question, ...
