http://transcyberia.info/ open .:. technology .:. economics en Serendipity 1.2.1 - http://www.s9y.org/ http://transcyberia.info/archives/36-host-proof-hosting.html web http://transcyberia.info/archives/36-host-proof-hosting.html#comments http://transcyberia.info/wfwcomment.php?cid=36 3 http://transcyberia.info/rss.php?version=2.0&type=comments&cid=36 nospam@example.com (Guido Stevens) <p> Think a minute about the security challenges involved in creating a health-centered social network. Or, more generally, any web application that has to handle sensitive user data. What if the database server becomes compromised? How do you make sure that, even if the database is stolen, your users' secrets remain confidential? How can <em>any</em> cloud computing application provide <em>any</em> significant measure of privacy? </p> <p> At <a href="http://www.clipperz.com/">Clipperz</a> they claim to have found the <a href="http://www.clipperz.com/users/marco/blog/2007/08/24/anatomy_zero_knowledge_web_application">solution</a>: they call it "zero-knowledge web applications". Since the term "zero knowledge" has a <a href="http://en.wikipedia.org/wiki/Zero_Knowledge">precise meaning</a> in cryptography, that's a bit confusing. What Clipperz <a href="http://www.clipperz.com/users/marco/blog/2008/05/30/freedom_and_privacy_cloud_call_action">promotes</a> boils down to evangelism for the <a href="http://ajaxpatterns.org/Host-Proof_Hosting">"host-proof hosting"</a> AJAX programming pattern. </p> <h4>client-side encryption</h4> <p> You still with me? It's a very simple concept, actually. Encrypt any sensitive data on the client-side browser before sending it to the web server. Data is never stored plaintext. Users can retrieve their data, in encrypted form, and only in their private browser is it decrypted and becomes accessible. Should the database server be compromised, an attacker finds only encrypted gibberish in the database. </p> <p> Wow! Total <a href="http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/04/gartner-s-report-top-seven-cloud-computing-security-risks.aspx">privacy in the cloud computing age</a>! Why don't we rewrite all our web applications to use this neat trick? Yes, why don't we? Read on to find several answers to that question. </p> <br /><a href="http://transcyberia.info/archives/36-host-proof-hosting.html#extended">Continue reading "host-proof hosting"</a> Fri, 04 Jul 2008 21:13:00 +0200 http://transcyberia.info/archives/36-guid.html http://creativecommons.org/licenses/by-nc-sa/2.5/ajax algorithm cloudcomputing encryption healthcare infosec privacy software technology web web20 http://transcyberia.info/archives/5-IE8-not-quite-standard.html openstandards themirrorpalace web http://transcyberia.info/archives/5-IE8-not-quite-standard.html#comments http://transcyberia.info/wfwcomment.php?cid=5 0 http://transcyberia.info/rss.php?version=2.0&type=comments&cid=5 nospam@example.com (Guido Stevens) <p> <a href="http://blogs.msdn.com/ie/archive/2008/01/21/compatibility-and-ie8.aspx">Microsoft has announced</a>, that the upcoming release of Internet Explorer will render standard-compliant web pages in a non-standard way. Standard-compliant rendering requires a non-standard page tag. <em>Huh?</em> </p> <h3><em>welcome to the mirror palace!</em></h3> <p> If you get the feeling something's not quite right here, <a href="http://www.regdeveloper.co.uk/2008/01/25/ie8_version_switch/">you're right</a>. The <a href="http://alistapart.com/articles/beyonddoctype">reasoning</a> behind this proposal was quickly shredded to pieces by the <a href="http://developers.slashdot.org/article.pl?sid=08/01/23/1740228">development community.</a> You might as wel <a href="http://www.katemonkey.co.uk/article/48/x-ua-lemur-compatible">have a laugh</a> <img src="http://transcyberia.info/templates/default/img/emoticons/smile.png" alt=":-)" style="display: inline; vertical-align: bottom;" class="emoticon" /> </p> <br /><a href="http://transcyberia.info/archives/5-IE8-not-quite-standard.html#extended">Continue reading "IE8: not quite standard"</a> Sat, 26 Jan 2008 00:54:00 +0100 http://transcyberia.info/archives/5-guid.html http://creativecommons.org/licenses/by-nc-sa/2.5/defectivebydesign ie8 openstandards themirrorpalace web