this post was submitted on 19 Jan 2024
10 points (72.7% liked)

Web Development

3440 readers
12 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Related Communities

Wormhole

Some webdev blogsNot sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

CreditsIcon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
 

Is there a way to develop and website using JS (and perhaps PHP) to create an E2EE website. Were all packets sent between the server and the userw device are E2EE, wrapped in a layer of encryption?

I know there is HTTPS but I am looking for something stronger than HTTPS.

By using some JS or PHP E2EE package, would I have to write or structure the website code very differently than you normally would?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 10 months ago

That's a completely different use case then, and the solution is Tor, proxies, ShadowSocks, vpn-ws.

But if you can't HTTPS, it's weird that you'd be able to do a VPN in the first place. HTTP only is super rare outside of China, and most places HTTPS would be blocked, VPNs are even more blocked

I mean technically you could encrypt most of the stuff client-side but you have to keep in mind the browser loading JavaScript over HTTP is still insecure and it would be easy to modify the script to also send the key to your attacker. There's nothing you can do that would be better than what the browser can do.

The only way to make it safe is to not have a web application. The code must already be on your device in a state you trust to be able to trust anything else that depends on it.

An easy fix might be to configure your browser to use your server as a plain HTTP proxy, which will issue CONNECT commands for HTTPS automatically, and now you're in HTTPS world and you're good.