I am preparing communication & data-exchange system between 2 websites, and would like to enhance it using suggestion posted by Stackoverflow community members.
Let me explain how I am doing it right now, by following example.
There are 2 websites
Before performing data-exchange between sites, following steps are performed.
Further,
Further,
Now, Let's assume that SE.com needs to send following string 'Hello World' to CE.com
Both sites have custom library for AES encryption-decryption.
Now, CE.com gets encrypted text
Questions
If someone tries to read transmitted data on-way of transmission, whether he can decrypt it, and see what it contains or not?
Also, provide suggestions to improve security & communication.
Help appreciated.
Implement client-side certificates. While using server-side certificates can prevent/deter interception of the message, it can't prevent someone spoofing SE from talking to CE in the first place.
您需要使用双向SSL身份验证 。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.