My aim is to make a very basic password manager using Javascript. Now in order for the manager to work securely, encryption and decryption must happen on the client, which presents a unique problem with the way I envision the manager from working (ignoring how I will actually go about encryption and decryption of the database for a second):
- I want to store a text file of new-line character delimited dictionary words on the server
- The encrypted password database is also stored on the server
- I download both these items
- I decrypt the password database locally
- I want to compare the passwords with these dictionary words to suggest if a user needs to update their password for security
Most people have suggested using JQuery with Ajax to download the resource. But in practice, performance has been very slow, as the text file is almost 4MB in size. In such cases, most people advocate doing this processing server side. However, as you can clearly tell, that would be difficult without posing a serious security risk.
Is there anyway I can implement the proposed feature, while largely sticking to HTML and Javascript(I've used CGI scripting as well), without seriously compromising user security?
Apologies if this answer is obvious, I'm very new to web programming! Thanks.
Aucun commentaire:
Enregistrer un commentaire