Ajax.NET Professional and how we can secure our calls

I had some requests asking if it would be possible to encrypt the JSON string without changing the common.js or any other file. Yes, you will be able to integrate your encryption algorithm. In the first version I will add a simple encryption to show you how encryption will work. For each Ajax.NET method you can define if you want to use it or not.

Published Tuesday, August 30, 2005 3:59 PM by Michael Schwarz

Comments

# re: Ajax.NET Professional and how we can secure our calls

Tuesday, August 30, 2005 11:53 AM by Andre
Hello,

How do you want to add such a feature to the library? Will it be possible to extend this with my own algorithm?

Greetings from NY
A.

# re: Ajax.NET Professional and how we can secure our calls

Tuesday, August 30, 2005 12:56 PM by Big Brother
So where do you plan to store the decryption key? On the client, of course. Not very secure to even a casual hacker.

# re: Ajax.NET Professional and how we can secure our calls

Tuesday, August 30, 2005 3:21 PM by Michael Schwarz
@Andre: yes, you can implement your own algorithm; there is an API on the server and on the client.

@BigBrother: that's your decision. You can store it in the session cookies (not very secure) or in memory only. It depends on what you want to do. Two examples:

1) You want to save data on the server that will be secure. On the client you will be asked for a key; the key is not necessary on the server. I prefer this if the data is only saved on the server, no processing there.

2) You will send and get encrypted data. While running the login you have to enter the key. It will be saved in memory only, and used to encrypt the data. On the server you will store the same key for the authenticated user. So, the key will never be transported. If you are thinking of AJAX you will be able to have the page never reloaded. I prefer this if you will secure every call.


CIAO
Michael
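
A sketch of the second scheme described in the comment above, as an added example that is not Ajax.NET Professional code or its API. It assumes PBKDF2 key derivation and AES-256-GCM, with Node's `crypto` module standing in for both the browser and the server; the function names, the `Demo.SaveNote` method name and the sample salt and password are hypothetical.

```javascript
// Added example: both sides hold the same key, so only the method name, IV,
// ciphertext and auth tag cross the wire. The key itself is never sent.
const nodeCrypto = require("node:crypto");

// Derive a 256-bit key from the login password; kept in memory only.
// The iteration count and per-user salt are assumptions of this example.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 200000, 32, "sha256");
}

// Encrypt one JSON call payload with AES-256-GCM and a fresh 96-bit IV.
// The method name is bound as additional authenticated data (AAD), so a
// ciphertext cannot be replayed against a different server method.
function sealCall(key, method, args) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(method, "utf8"));
  const ct = Buffer.concat([cipher.update(JSON.stringify(args), "utf8"), cipher.final()]);
  return { method, iv: iv.toString("base64"), ct: ct.toString("base64"),
           tag: cipher.getAuthTag().toString("base64") };
}

// Receiver side: returns the parsed arguments, or null if the message was
// modified, sealed under another key, or bound to another method.
function openCall(key, msg) {
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(msg.iv, "base64"));
    d.setAAD(Buffer.from(msg.method, "utf8"));
    d.setAuthTag(Buffer.from(msg.tag, "base64"));
    const pt = Buffer.concat([d.update(Buffer.from(msg.ct, "base64")), d.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch (e) {
    return null; // authentication failed or payload malformed
  }
}

// Constructed sample data: a per-user salt and a login password.
const salt = Buffer.from("constructed-salt-0001", "utf8");
const clientKey = deriveKey("correct horse battery staple", salt); // client, at login
const serverKey = deriveKey("correct horse battery staple", salt); // server, per user
const wire = sealCall(clientKey, "Demo.SaveNote", { id: 7, text: "hello" });
console.log(wire, openCall(serverKey, wire));
```

For the first scheme, the server would store the `wire` object as-is and only the client would ever call `deriveKey` and `openCall`.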