I'm considering an application that stores user specific information on a database behind an ASPX web site. Ideally I'd like the user to assume responsibility for encrypting the content. I imagined client side hooks in the HTML that enable the user to encrypt
and decrypt content. Is there an existing techology to do this? If so where can I look at details? If not any technologies that are "nearly there"?
client side would NOT be the place do encrypt/decrypt since it could be easily stolen. You should utilize the Security classes in the .NET framework and encrypt the info to the db, decrypt when pulling it out. System.Security.Cryptography
Absolutely wrong for this application. As the web site owner I want nothing to do with the encryption that is all up to the user/visitor. (The provisional spec. has encryption in the database but that's an entirely separate issue.)
So why provide them with client side code? If you provide that then YOU are still responsible! What are the provisions? Is SSL being utilized? :-) Stupid users! Tell em to use a Frosted Flakes decoder wheel.
Hi, I'm not looking to provide code or responsibility for it. I expected to find an existing technology out there. The idea is not rocket science. So far found nothing. Viable ideas might include. 1) Uses client side certificates if possible. 2) Uses same technique
(asymmetric encryption, signing...) as you find in email clients. In fact that facility or a slight variant running in the browser. 3) Maybe an "EncryptingTextBox" control in the browser that shows cleartext but posts cyphertext. Beside what you find already
inside email clients I've seen an IE RightsManagement Addon mentioned http://www.microsoft.com/windows/ie/downloads/addon/default.asp This is pre-release (so not even a contender) but it shows a similar idea is being pursued. In this case it appears to require
server side licensing so it's NOT suitable for this. Other than that various roll your own approaches are out there, none work for me. If this provides a way to tap existing encryption/certificate stores it might be viable (in future). Say when .NET one touch
deployment becomes viable. (I'm not holding my breath.) SSL is not a solution. Pure client side is cleanest, encrypted before it hits the wire. I'd be surprised if I don't can it come decision day (15 November)!
MikeGale
Member
235 Points
81 Posts
Encrypted Content Only Readable on Browser
Oct 30, 2003 07:52 PM|LINK
aikeith
Participant
1375 Points
276 Posts
Re: Encrypted Content Only Readable on Browser
Nov 04, 2003 01:54 PM|LINK
MikeGale
Member
235 Points
81 Posts
Re: Encrypted Content Only Readable on Browser
Nov 04, 2003 07:52 PM|LINK
aikeith
Participant
1375 Points
276 Posts
Re: Encrypted Content Only Readable on Browser
Nov 04, 2003 09:07 PM|LINK
MikeGale
Member
235 Points
81 Posts
Re: Encrypted Content Only Readable on Browser
Nov 04, 2003 11:25 PM|LINK