Thursday, October 18, 2007

Design for the simple secure storage server

In my last post, I mentioned my motivation for writing this server and pointed to the foundation I'm building on. Now it's time for more detail.

This server may not be supper fast (single thread execution) and it may not be super secure (user data stored in plaintext on the server) but it will be super easy to set up.

Allow me to clarify the security point in the above summary. In the initial version of this server, all traffic will be sent over an SSL connection (HTTPS) and users will authenticate with the server using Basic Auth. In Basic Auth, the users password is sent to the server in plaintext. There are better authentication schemes out there, but for this version of the server, I'm going for quick and simple. Basic Auth is just barely acceptable for this project because the connection is secure, but the server will likely store these passwords in plaintext as well (for now) so server disk security may be the weak link. With that said, the idea for this server is to provide a simple and portable back-end for my AJAX applications.

No comments: