Hashing sensitive data in request

We have set the https connection, between the client and server. The problem is that security guys, showed us it is possible to intercept the data using rogue invalid certificate (user must accept it in the browser).

The problem is now the attacker would be able to see in a clear text all the request sends to the server and though to see what is the structure of the data we are sending (is it security vulnerability?

1) Does it make sense to hash sensitive information (on the client side) and send it hashed to the server?

2) There is an requirement that require us to encrypt us some data (i.e credit card PIN) on the client side and just then send it to the server. Does it make sense? We'd have to somehow follow the same steps as we do for SSL, establish trust encrypt etc, just for this one field.

3) Is it worth to obfuscate JS code? Wouldnt it be easily reverseable?

Replay

Category: cryptography Time: 2016-07-28 Views: 0

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development

search

Front-end development

Database

development tools

Open Platform

Javascript development

.NET development

cloud computing

server

Copyright (C) avrocks.com, All Rights Reserved.

processed in 0.226 (s). 12 q(s)