Ajax.NET Professional and how we can secure our calls
I have had some requests asking whether it would be possible to encrypt the JSON string without changing common.js or any other file. Yes, you will be able to integrate your encryption algorithm. In the first version I will add a simple encryption scheme to show you how encryption will work. For each Ajax.NET method you can define whether you want to use it or not.
3 Comments
Andre said
Hello,
How do you want to add such a feature to the library? Will it be possible to extend this with my own algorithm?
Greetings from NY
A.
Big Brother said
So where do you plan to store the decryption key? On the client, of course. Not very secure to even a casual hacker.
Michael Schwarz said
@Andre: Yes, you can implement your own algorithm; there is an API on the server and on the client.
@BigBrother: That's your decision. You can store it in the session cookies (not very secure) or in memory only. It depends on what you want to do. Two examples:
1) You want to save data on the server that will be secure. On the client you will be asked for a key, the key is not necessary on the server. I prefer this if the data is only saved on the server, no processing there.
2) You will send and get encrypted data. While running the login you have to enter the key. It will be saved in memory only, and used to encrypt the data. On the server you will store the same key for the authenticated user. So, the key will never be transported. If you are thinking of AJAX you will be able to have the page never reloaded. I prefer this if you will secure every call.
CIAO
Michael
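The second scheme from the reply above, as an added example that is not part of the original post and is not Ajax.NET Professional code: both sides derive the same key from the secret entered at login, so only ciphertext travels. Node.js stands in for both the browser and the server here; the function names, the method name `Demo.SaveNote`, the salt, and the choice of scrypt with AES-256-GCM are assumptions.

```javascript
// Added illustration; not Ajax.NET Professional code. All names are hypothetical.
const crypto = require('node:crypto');

// Both sides derive the same key from the secret entered at login.
// The salt is a constructed per-user value; the secret itself is never sent.
function deriveKey(secret, salt) {
  return crypto.scryptSync(secret, salt, 32);
}

// Client side: encrypt the JSON arguments of one call. The method name is bound
// as associated data so a ciphertext cannot be redirected to a different method.
function sealCall(key, method, args) {
  const iv = crypto.randomBytes(12); // fresh nonce for every call
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(method, 'utf8'));
  const body = Buffer.concat([cipher.update(JSON.stringify(args), 'utf8'), cipher.final()]);
  return { method, iv: iv.toString('base64'), body: body.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Server side: decrypt with the key stored for the authenticated user.
// Returns null when the key is wrong or any part of the message was modified.
function openCall(key, msg) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(msg.iv, 'base64'));
    decipher.setAAD(Buffer.from(msg.method, 'utf8'));
    decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
    const plain = Buffer.concat([decipher.update(Buffer.from(msg.body, 'base64')), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample values.
const salt = Buffer.from('constructed-salt-for-user-42');
const clientKey = deriveKey('secret typed at login', salt); // kept in memory only
const serverKey = deriveKey('secret typed at login', salt); // stored for the user
const wire = sealCall(clientKey, 'Demo.SaveNote', { id: 7, text: 'hello' });
console.log(wire);                      // what actually travels over HTTP
console.log(openCall(serverKey, wire)); // { id: 7, text: 'hello' }
console.log(openCall(serverKey, { ...wire, method: 'Demo.DeleteNote' })); // null
```

The key protects the call data in transit only as long as the page script that handles it reaches the browser unmodified, which is the point raised in the second comment.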