transcyberia.info

Think a minute about the security challenges involved in creating a health-centered social network. Or, more generally, any web application that has to handle sensitive user data. What if the database server becomes compromised? How do you make sure that, even if the database is stolen, your users' secrets remain confidential? How can any cloud computing application provide any significant measure of privacy?

At Clipperz they claim to have found the solution: they call it "zero-knowledge web applications". Since the term "zero knowledge" has a precise meaning in cryptography, that's a bit confusing. What Clipperz promotes boils down to evangelism for the "host-proof hosting" AJAX programming pattern.

client-side encryption

You still with me? It's a very simple concept, actually. Encrypt any sensitive data on the client-side browser before sending it to the web server. Data is never stored plaintext. Users can retrieve their data, in encrypted form, and only in their private browser is it decrypted and becomes accessible. Should the database server be compromised, an attacker finds only encrypted gibberish in the database.

Wow! Total privacy in the cloud computing age! Why don't we rewrite all our web applications to use this neat trick? Yes, why don't we? Read on to find several answers to that question.