On the server side we can authenticate the user, but I want security of the data when AJAX or jQuery sends it. Like on the client side someone can only see the parameters of any call in encrypted format. So how do I do this? I have seen this scenario on this site.

EDIT

We can skip encrypting data when it comes from the server. But at least at sending time it is required. See the example on this site: in your preference settings, the checkboxes for notification. One can watch the request by using the Firebug add-on in Mozilla Firefox.

+3  A: 

You can't.

If the browser (i.e. JavaScript) is supposed to read/work with the values, they have to be clear text. Any encryption/scrambling scheme you might come up with will be inherently broken since JavaScript itself must be able to decrypt/unscramble the data, and therefore anyone with a medium amount of wit who can access the source code will be able to figure it out.

You can do SSL requests to encrypt the server connection, hiding the data from third parties.

Tomalak
Using SSL is the best choice, but encryption can be done, but it adds complexity that may not be worth the risk, especially since AJAX can hide a great deal of what is happening.
James Black
@James Black: But it's still not *secure*, and it never will be. Hiding stuff a little bit and adding a few hoops is pointless.
Tomalak
+3  A: 

You could encrypt the data using some libraries, such as http://home.versatel.nl/MAvanEverdingen/Code/ but as was mentioned above it can be reverse engineered by someone using a debugger to see the key.

In order to do this securely you would need to have a public key for the server, and it would use this to get the symmetric key from the server, which encrypted the key with its private key.

JavaScript then decrypts the symmetric key with the public key.

Now, this symmetric key is used to encrypt data.

If the data is small enough then you can use the public key to encrypt data, but there are size limits based on the size of your public key.

So, yes, you can do it, but it can be reverse-engineered.

James Black
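
The key exchange described in the answer above, and the reason both answers say it can be undone, as an added example (not code from the answer or from the linked library). It assumes Node.js's built-in crypto module so it runs offline, a 2048-bit RSA key and AES-256-GCM; all function names and sample values are constructed.

```javascript
// Added example: Node.js built-in crypto only; names and data are constructed.
const nodeCrypto = require('node:crypto');

// Server key pair. The public half is what the page's JavaScript would carry.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Server "encrypts" the symmetric key with its PRIVATE key, as the answer describes.
function serverWrapKey(symKey) {
  return nodeCrypto.privateEncrypt(privateKey, symKey);
}

// The page script undoes that with the public key. So can anyone else who has
// the public key, which is every visitor who can read the script.
function unwrapWithPublicKey(wrapped) {
  return nodeCrypto.publicDecrypt(publicKey, wrapped);
}

// AES-256-GCM over the request body, keyed with the unwrapped symmetric key.
function encryptBody(symKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', symKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decryptBody(symKey, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', symKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// What a reader holding only the page source (public key) and the traffic gets back.
function recoverFromPageSource(wrapped, message) {
  return decryptBody(unwrapWithPublicKey(wrapped), message);
}

// The size limit: RSA-OAEP with SHA-256 and a 2048-bit key accepts at most
// 256 - 2*32 - 2 = 190 bytes of plaintext; anything longer is rejected.
function rsaFits(byteLength) {
  const opts = { key: publicKey, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
  try {
    nodeCrypto.publicEncrypt(opts, Buffer.alloc(byteLength, 0x41));
    return true;
  } catch (err) {
    return false;
  }
}
```

The wrapped key gives no secrecy against anyone who has the public key, which is why the answers point to SSL for hiding the data from third parties.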
+1  A: 

If your problem is just encrypting the data sent by the user, use SSL on the server so that connections to it are encrypted. Your AJAX URL would be https://myserver.com/Ajax/Endpoint or whatever.

swilliams