Using https will encrypt the data flowing between the client (browser) and the server. It’s not a 100% proof solution, as any hacker can attempt to ‘knock on your door’. It’s only a way to ensure that data sent and received cannot be read. There are situations where you need additional security. You can do so by tunneling, which means that clients need to be verified before you can use the connection. But this requires quite some technique using tokens etc.
There’s a fairly simple way to add additional security, which can be found in libraries like this one: http://www.jcryption.org/
This is not the one and only solution; there are other packages that do the same, but it’s a fairly simple way to implement encryption on the client and server side. This way it will be harder for a hacker to hack, as the clients need to have the correct encryption key. This way you can deploy your application and have control over the browser clients which are allowed to enter. For public applications this is not what you want, so it would be great if this could be an on-off switch. For apps in healthcare etc. it would be a great enhancement.
In addition to this, if I would like to implement this manually, where should I start?
regards
albert