The Cognitive Distortion Journal (CDJ) is a smart journaling tool that helps remedy distorted thinking. It can feel impossible to follow the CBT technique of labeling distorted thinking and finding alternative modes of thought (i.e. reframing) while cognitive distortions are occurring. The CDJ does that work for you. -- The CDJ is in beta testing!!
This issue focuses on expanding security to the client-side. In particular, ensuring that the users data is protected against man-in-the-middle attacks by adding an additional layer to HTTPS using encryption which also stores the users information encrypted in the database in case the database is compromised.
This can be done by providing a key that can be cached in the clients browser. The clients browser can then use the key to encrypt all of their data on their system before it is stored in the database the. decrypt it on request. This has no impact on the servers performance because the clients system is doing the encrypting/decrypting.
This issue should explore how and where to store the users key, how to implement the caching in the clients browser (which prevents the client from having to make multiple calls for their key), and which hashing algorithm should be used. Consider if the key should expire and be updated at some point from the browser and/or on the server. What would this entail? Is it possible to do this efficiently?
This issue focuses on expanding security to the client-side. In particular, ensuring that the users data is protected against man-in-the-middle attacks by adding an additional layer to HTTPS using encryption which also stores the users information encrypted in the database in case the database is compromised.
This can be done by providing a key that can be cached in the clients browser. The clients browser can then use the key to encrypt all of their data on their system before it is stored in the database the. decrypt it on request. This has no impact on the servers performance because the clients system is doing the encrypting/decrypting.
This issue should explore how and where to store the users key, how to implement the caching in the clients browser (which prevents the client from having to make multiple calls for their key), and which hashing algorithm should be used. Consider if the key should expire and be updated at some point from the browser and/or on the server. What would this entail? Is it possible to do this efficiently?