tags:

views:

51

answers:

1
+1  Q: 

jQuery - ASPX Security libraries

Hello.

I would like to know if there's a combo like jCryption (jCryption) - PHP but for jQuery - ASPX. I mean, I have been searching for a combo to send data both ways (Client-server, server-client) with jQuery to ASPX. The best I found was jCryption that sends data from JavaScrpit to PHP. I need a combo to send data from JavaScrpit to ASPX.

Any ideas??

PD: Please don't tell me to use HTTPS, it's not enough to ensure the data communication on a client - server application.

+1  A: 

"Please don't tell me to use HTTPS, it's not enough to ensure the data communication on a client - server application"

Well, sorry, but that's exactly what I'm going to do. SSL is far more secure than anything you're able to do with JavaScript. With non-SSL you're sending clear-text to client/server, meaning if I can see the packets, a man in the middle attack (e.g. you're at my coffee shop, my wireless router) is not that hard. How would you do anything more secure in JavaScript?

You would be sending all keys back and forth over a plain-text connection, negating the point of any security you think this adds. This is like adding an extra deadbolt to your front door, does it make it any more secure? Not really, because you just gave me a copy of the key :)

Is SSL perfect? No, there have been holes found like anything else. Is it way more secure than any encryption where the keys are freely visible, e.g. JavaScript over an unencrypted connection? Yes.

jCryption that you mention is not a replacement for SSL, you don't have to believe me though, look at the comments from it's author, just scroll to the bottom.

That’s true it is vulnerable to MITM attacks, but I mentioned that jCryption at it’s current state offers no way of authentication and that it is no replacement for SSL. jCryption should be an easy to install plugin which offers a base level of security.

Or, read the FAQ itself:

In my opinion jCryption is much easier to install and configure. Although I don’t think that jCryption is a replacement for SSL. It could be a nice addtion for your contact form or login page to simply make it more secure. If you need highest security you have to use SSL, because jCryption offers no way of authentication.

Nick Craver  2010-06-06 10:12:47

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps