Encryption

Discussion in 'ASP .Net' started by =?Utf-8?B?RGVtZXRyaQ==?=, Nov 24, 2006.

  1. Lets say there are values in the database that are encrypted but need to be
    decrypted to display to an authenticated user on a web site.

    Now the problem is that somewhere along the way during a request by an
    authenticated user that data must be decrypted and displayed to the user.

    Now, lets say we also want to prevent anyone packet sniffing from being able
    to decipher the data.

    It would seem to me that the data must remain encrypted all the way to the
    client and then decrypted via javascript so that the data is never in its
    true form through a wire.

    But then the question becomes how does one leverage the wonderful
    cryptography namespace in the framework on the client...well obviously you
    can't since it is a SERVER side component.

    If anyone can shed some light on this please do.

    Thanks


    --
    -Demetri
     
    =?Utf-8?B?RGVtZXRyaQ==?=, Nov 24, 2006
    #1
    1. Advertising

  2. The javascript won't do much good either because whoever wants to look at it
    would have your entire decryption algorithm at their disposal. That's where
    SSL comes in. To really secure it, get an SSL certificate and use the app
    through an https connection instead to mitigate this issue. You can then
    decrypt the data server-side after it comes out of SQL server, then display
    it to the user over a secure SSL connection.

    --
    Hope this helps,
    Mark Fitzpatrick
    Former Microsoft FrontPage MVP 199?-2006

    "Demetri" <> wrote in message
    news:...
    > Lets say there are values in the database that are encrypted but need to
    > be
    > decrypted to display to an authenticated user on a web site.
    >
    > Now the problem is that somewhere along the way during a request by an
    > authenticated user that data must be decrypted and displayed to the user.
    >
    > Now, lets say we also want to prevent anyone packet sniffing from being
    > able
    > to decipher the data.
    >
    > It would seem to me that the data must remain encrypted all the way to the
    > client and then decrypted via javascript so that the data is never in its
    > true form through a wire.
    >
    > But then the question becomes how does one leverage the wonderful
    > cryptography namespace in the framework on the client...well obviously you
    > can't since it is a SERVER side component.
    >
    > If anyone can shed some light on this please do.
    >
    > Thanks
    >
    >
    > --
    > -Demetri
     
    Mark Fitzpatrick, Nov 24, 2006
    #2
    1. Advertising

  3. =?Utf-8?B?RGVtZXRyaQ==?=

    Mark Rae Guest

    "Demetri" <> wrote in message
    news:...

    > It would seem to me that the data must remain encrypted all the way to the
    > client and then decrypted via javascript so that the data is never in its
    > true form through a wire.


    This is without doubt the worst possible thing you could do in this
    situation - JavaScript is client-side, so the entire decryption routine /
    algorithm would need to be downloaded to the client machine, where it would
    run.

    UNDER NO CIRCUMSTANCES DO THIS!!!

    > But then the question becomes how does one leverage


    AAARRRGGGHHH!!! The *L* word...

    > If anyone can shed some light on this please do.


    Extremely simple - get an SSL certificate from a known and trusted
    certification authority.
     
    Mark Rae, Nov 24, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Robert Vabo

    Encryption

    Robert Vabo, Oct 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    1,297
    Ed Kaim [MSFT]
    Oct 14, 2003
  2. abhinav

    encryption algorithms

    abhinav, Dec 26, 2004, in forum: VHDL
    Replies:
    2
    Views:
    657
  3. Guenther Sohler

    Encryption Problem

    Guenther Sohler, Oct 17, 2003, in forum: Perl
    Replies:
    1
    Views:
    515
    Jim Gibson
    Oct 20, 2003
  4. Kelvin
    Replies:
    2
    Views:
    602
    Andrew Balmos (abalmos)
    Nov 9, 2004
  5. Acebravo

    About Encryption Question

    Acebravo, Mar 28, 2005, in forum: Perl
    Replies:
    1
    Views:
    2,716
    J├╝rgen Exner
    Mar 28, 2005
Loading...

Share This Page