Re: Dissertation topic ADVICE needed. Website security and Cryptography
I'd imagine either C or Java, as these have fairly neat network socket libraries.
To be secure you need to upload files using an encrypted protocol, so that traffic can't be sniffed.
As for what is best, I'd imagine it's best to encrypt on your local workstation and upload an encrypted file; that way you keep the keys locally and they aren't on the server. If a person were to hack the server, then they also have access to the decryption key if you do the encryption on the server.
As a start, look at SHA-1, RSA and Diffie-Hellman.
For anti SQL injection, you need to sanitise your inputs.
For example, nobody should have a name of '--drop table people; '. Look for specific input variables (php_striphtml, for example, removes HTML from input; there is another, I think it's called strip chars or something, to remove special chars; there is also strip quotes, etc.).
Always cast numbers as %d then the variable name at the end in PHP; that ensures whatever goes into that number field is a number.
E.g. if someone tries to put the letter a in there, then the number 68 (I think) gets put in there (or whatever its place in the ASCII table is).
It's going to be a hell of a lot of work.
I made something a bit like this in my dissertation
(though mine was a suite of online tools for coders that was a knowledge base where articles were posted, a source control tree (with file locking and branching etc.) and a linked source bug tracking tree (so you could enter notes against leaves on the tree)).
Given my time again, I would have much rather concentrated on a single element of what I was doing and made something better.
This was in the days before Dropbox or SharePoint. The best online SCMs were heavily command-line oriented and SourceSafe web access was a joke.
I made something passable, but if I hadn't been trying to create a whole suite of packages then I'd have been able to create a real (useful and marketable) product.
As it is I got a tool that was useful for a couple of years, but only to me. Whee the back end is clunky, and I've long since abandoned using it.
If you want something useful, concentrate on one thing.
(E.g. your encryption engine, or a way to pass the encryption key to the server to hand off encryption without compromising the integrity of the key, and a way that ensures secure deletion of the key from disk and/or memory on the server.)
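An added example, not code from the post above: it takes the odd name quoted in the post and runs it through a lookup that pastes input into the SQL text and through one that binds it as a parameter. It uses Python's `sqlite3` as a stand-in for a PHP/MySQL stack, uses bound parameters and strict validation rather than the stripping functions the post mentions, and the table and function names are hypothetical.

```python
import re
import sqlite3

# Constructed sample input: the odd "name" quoted in the post above.
ODD_NAME = "'--drop table people; '"

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (id INTEGER PRIMARY KEY,"
                 " name TEXT NOT NULL, age INTEGER NOT NULL)")
    return conn

def parse_age(raw):
    """Accept only 1-3 ASCII digits; reject anything else instead of coercing it."""
    if not re.fullmatch(r"[0-9]{1,3}", raw):
        raise ValueError(f"age must be a whole number, got {raw!r}")
    return int(raw)

def add_person(conn, name, age_raw):
    """Hardened insert: values travel as bound parameters, never as SQL text."""
    cur = conn.execute("INSERT INTO people (name, age) VALUES (?, ?)",
                       (name, parse_age(age_raw)))
    return cur.lastrowid

def find_unsafe(conn, name):
    """Vulnerable form: the input is pasted into the SQL string.
    The leading quote in ODD_NAME closes the literal early and the rest
    becomes a SQL comment, so the statement compares against ''."""
    sql = f"SELECT id FROM people WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def find_safe(conn, name):
    """Hardened form: the driver passes the value separately from the SQL."""
    rows = conn.execute("SELECT id FROM people WHERE name = ?", (name,))
    return [row[0] for row in rows]

def demo():
    conn = open_db()
    odd_id = add_person(conn, ODD_NAME, "30")
    return {
        "odd_id": odd_id,
        "unsafe": find_unsafe(conn, ODD_NAME),  # input changed the query
        "safe": find_safe(conn, ODD_NAME),      # input treated as data
        "rows": conn.execute("SELECT COUNT(*) FROM people").fetchone()[0],
    }

if __name__ == "__main__":
    print(demo())
```

With bound parameters the name is stored and found verbatim, so nothing has to be stripped from it; the concatenated lookup silently runs a different query from the one intended.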