Web Development

3434 readers

1 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Follow the programming.dev site rules
Keep content related to web development
If what you're posting relates to one of the related communities, crosspost it into there to help them grow
If youre posting an article older than two years put the year it was made in brackets after the title

Related Communities

Wormhole

!cool_github_projects@programming.dev

Some webdev blogs

Not sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

https://frontendfoc.us/ - [RSS]
https://wesbos.com/blog
https://davidwalsh.name/ - [RSS]
https://www.nngroup.com/articles/
https://sia.codes/posts/ - [RSS]
https://www.smashingmagazine.com/ - [RSS]
https://www.bennadel.com/ - [RSS]
https://web.dev/ - [RSS]

Credits

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago

MODERATORS

snowe@programming.dev

erlingur@programming.dev

Ategon@programming.dev

End-To-End Encrypted (EE2E) Websites? (lemmy.world)

submitted 9 months ago by trymeout@lemmy.world to c/webdev@programming.dev

18 comments fedilink hide all child comments

Is there a way to develop and website using JS (and perhaps PHP) to create an E2EE website. Were all packets sent between the server and the userw device are E2EE, wrapped in a layer of encryption?

I know there is HTTPS but I am looking for something stronger than HTTPS.

By using some JS or PHP E2EE package, would I have to write or structure the website code very differently than you normally would?

you are viewing a single comment's thread
view the rest of the comments

[–] Max_P@lemmy.max-p.me 4 points 9 months ago

That's a completely different use case then, and the solution is Tor, proxies, ShadowSocks, vpn-ws.

But if you can't HTTPS, it's weird that you'd be able to do a VPN in the first place. HTTP only is super rare outside of China, and most places HTTPS would be blocked, VPNs are even more blocked

I mean technically you could encrypt most of the stuff client-side but you have to keep in mind the browser loading JavaScript over HTTP is still insecure and it would be easy to modify the script to also send the key to your attacker. There's nothing you can do that would be better than what the browser can do.

The only way to make it safe is to not have a web application. The code must already be on your device in a state you trust to be able to trust anything else that depends on it.

An easy fix might be to configure your browser to use your server as a plain HTTP proxy, which will issue CONNECT commands for HTTPS automatically, and now you're in HTTPS world and you're good.