Tags: amazon-s3, aws-api-gateway, amazon-cloudfront, aws-certificate-manager, aws-route53

How to safely use http-client from an AWS single-page app to api-gateway


I have a single-page Angular application deployed in an S3 bucket in my AWS account. I have set up a certificate in Certificate Manager for the domain name in Route 53. I have a CloudFront distribution pointing to the domain name and the S3 bucket. I have a Route 53 hosted zone with 2 records created (apart from the 2 default NS and SOA records): an A record pointing at the CloudFront distribution, and a CNAME record pointing at the certificate. When I enter the domain name URL I get a secured https address with a valid certificate. But I am a bit uncertain about passing data, for example with HttpClient in the Angular app, to API Gateway, which passes the data on to the Lambda. When I watch the network data in inspection mode in the browser I can see that the request and response data are in plain readable text. So is this traffic secured by the https setting, so that it is encrypted when sent from frontend to backend? Or have I misunderstood the flow for secure data transfer client -> server completely? What I want to do is to send a password safely from the frontend HttpClient to the server.

Maybe I have fulfilled the security requirements and can pass a password safely even though I can read it in inspection mode, or I have missed out totally. I would appreciate some advice on this. Thanks!

I have tried to set up a safe client -> server connection for sending sensitive data (a password). I expect the data to be safe but worry about missing some step in the process.


Solution

  • You can't see the encrypted content directly in the browser even if the site is protected with HTTPS. When you use SSL/TLS (HTTPS), the data sent and received by the site is encrypted in transit, so a man-in-the-middle attack fails. Anyone who tries to steal the data in between only sees the encrypted data.

    If you want additional security you can implement your own data encryption techniques, like the banking sites do.

    You can generate a public key to encrypt the data at the client side before passing it on to the server, and use a private key to decrypt it at the server side using the RSA algorithm or anything similar you come up with.

    Other than encryption, consider the following things if you haven't already:

    • CSRF tokens in forms
    • Enable CORS
    • Sanitize data before processing it on the server to avoid SQL injection and similar attacks
    • Consider using WAF in CloudFront for improved security