I had some requests asking if it would be possible to encrypt the JSON string without changing the common.js or any other file. Yes, you will be able to integrate your encryption algorithm. In the first version I will add a simple encryption to show you how encryption will work. For each Ajax.NET method you can define if you want to use it or not.

3 Comments

• Andre said Tuesday, August 30, 2005 3:53:00 PM

  Hello,
  
  how do you want to add such a feature to the library? Will it be possible to extend this with an own algorithm?
  
  Greetings from NY
  A.

• Big Brother said Tuesday, August 30, 2005 4:56:00 PM

  So where do you plan to store the decryption key? On the client, of course. Not very secure to even a casual hacker.

• Michael Schwarz said Tuesday, August 30, 2005 7:21:00 PM

  @Andre: yes, you can implement your own algorithm, there is a API on the server and on the client.
  
  
  
  @BigBrother: that's your decision. You can store it in the session cookies (not very secure) or in memory only. It depends on what you want to do. Two examples:
  
  1) You want to save data on the server that will be secure. On the client you will be asked for a key, the key is not necessary on the server. I prefer this if the data is only saved on the server, no processing there.
  
  2) You will send and get encrypted data. While running the login you have to enter the key. It will be saved in memory only, and used to encrypt the data. On the server you will store the same key for the authenticated user. So, the key will never be transported. If you are thinking of AJAX you will be able to have the page never reloaded. I prefer this if you will secure every call.
  
  
  CIAO
  Michael