
AJAX Lockdown: A new concept of data privacy and security for AJAX-based Web applications using client-side data encryption

"AJAX is definitely taking Web applications to the next level in ease of use and desktop-like user interfaces. And it can even be used to create the secure, privacy-oriented Web applications that are so needed in today's Web world.

AJAX is based on Web browsers endowed with powerful JavaScript engines.

In this article I'll explain a framework for AJAX-based Web applications based on client-side data encryption using a Secure Key for maximum data security and privacy. This framework can be used with any Web application, saving a lot of potentially sensitive user data like bank account details and login details for Web sites.

This framework will put the user in full control of sensitive data; the back-end server will just be a mechanism to save the encrypted blob from the user. It's based on client-side JavaScript and XML for all the business logic and data encryption/decryption, searching, and sorting. It will also open up new dimensions for making online payments and banking since it can talk to different Web Services from the client browser instead of going through an intermediate server, thus minimizing the risk of any third party intruding on the data."

Article Link: http://java.sys-con.com/read/327940.htm
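
An added example, not code from the quoted article or its framework: one way the client-side scheme described in the excerpt could look using the Web Crypto API. The algorithms (PBKDF2-SHA-256, AES-256-GCM), the function names and the in-memory `serverStore` are assumptions, and the sample record is constructed.

```javascript
// Assumed design: the excerpt does not name algorithms or an API.
// Web Crypto is global in browsers and Node 19+; require() is a fallback for older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumed work factor

const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Stretch the user's secret into an AES-256-GCM key; the key never leaves the client.
async function deriveKey(passphrase, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", new TextEncoder().encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt a record in the browser; the returned blob is the only thing uploaded.
async function sealRecord(passphrase, record) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh nonce per encryption
  const key = await deriveKey(passphrase, salt);
  const plaintext = new TextEncoder().encode(JSON.stringify(record));
  const ct = await webcrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext);
  return { v: 1, salt: b64(salt), iv: b64(iv), ct: b64(ct) };
}

// Decrypt a blob fetched from the server. AES-GCM authenticates the data, so a wrong
// passphrase or a blob modified in storage rejects instead of returning garbage.
async function openRecord(passphrase, blob) {
  const key = await deriveKey(passphrase, unb64(blob.salt));
  const pt = await webcrypto.subtle.decrypt(
    { name: "AES-GCM", iv: unb64(blob.iv) }, key, unb64(blob.ct));
  return JSON.parse(new TextDecoder().decode(pt));
}

// Stand-in for the back end: it stores and returns opaque blobs, nothing more.
const serverStore = new Map();

async function demo() {
  const record = { site: "bank.example", account: "constructed-0001" }; // constructed sample
  serverStore.set("user42/rec1", JSON.stringify(await sealRecord("correct horse", record)));
  const stored = serverStore.get("user42/rec1");
  const roundTrip = await openRecord("correct horse", JSON.parse(stored));
  const wrongKey = await openRecord("wrong guess", JSON.parse(stored))
    .then(() => "opened", () => "rejected");
  return { leaksPlaintext: stored.includes("constructed-0001"), roundTrip, wrongKey };
}
```

The server in this model never sees the key or the plaintext, but the browser still trusts whatever JavaScript the server delivers, so the integrity of that script delivery is part of the threat model.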

