views:

147

answers:

3

Hi all,

I know it's a silly question but ,

My client asked for encrypting some information form their payment system to prevent user stealing personal information. The system is web-base and written by ASP.NET

We have tried some annoying solution such as JavaScript no right-click or css-no-print but apparently my client didn't like it.

so are there any commercial solution to encrypt information in aspx produced html pages?

or someone can tell me how to pursuit my client to stop these "prevent stealing" idea in a web-base system?

+1  A: 

SSL Certificates

  • Verisign
  • Thawte
  • There are many others, some trusted and others not trusted - do your homework.

<Edit> Here is a very thorough step-by-step tutorial explaining how you would go about using an SSL Cert in IIS.</Edit>

Jaxidian
Thanks, SSL is a solid answer for security problem.I will do some homework on how to implement it in future...
Jimmyc
+1  A: 

If your client is worried about data being stolen "over-the-wire", do what Jaxidian mentioned and using SSL.

If your client is worried about users stealing data from pages they view, then tell them there's nothing they can do in a web app to stop that. Users need to download a page to view on their computers so no matter what you do, HTML web pages can always have their content downloaded by a user, even if you add some hoops to make it more difficult.

The only way to stop a user from stealing data from pages they view is to not make your app web-based. You'll have to write a native app that gets installed on users' machines with strict DRM in order to stop them from copying content. And even then, DRM can be cracked. Just look at Sony.

If your client was referring to encrypting data within your database, then you should look into AES Encryption in .NET.

Dan Herbert
@Dan: Even _that_ won't prevent a user with a pencil and paper from stealing what's on the screen!
John Saunders
@John Exactly. There's no fool proof way to stop a user from stealing data as long as he/she is given the ability to look at it.
Dan Herbert
Ha! That's why I have my users install Matrix style dataports in the backs of their heads.
kervin
Thanks for the answer, true is we can't prevent user form taking information if we want it to be seen.I should spend more time on other topics rather than these stupid idea... like SSL or Matrix style dataports :)
Jimmyc
A: 

Hi All,

I come with some really silly answer for my client

I tried to encoding the information in aspx with Base64 like

string encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes("Something"))

and decode the data with JQuery .Base 64 plugin ,

the aspx is like:

<span class="decoding"><%=encoded%></span>

with JQuery script to take all .decoding element to be decoded

$(function() {
        $.base64.is_unicode = true;
        $(".decoding").each(
            function() {
                $(this).html($.base64.decode($(this).html()));
            }
        );
 });

so the source data will look like some meaningless string , which is my client want. and with some evil JavaScript to prevent printing and cleaning user's clipboard.

I have completed a web-site with zero usability and still can't prevent anything! Well done :)

Jimmyc
As you said, it doesn't prevent anything. Any programmer worth his/her salt would look at that text and know to base-64 decode it.
Dan Herbert