Encrypt HTML form data without using SSL

In certain cases, it might be hard to install SSL certificates, or SSL is not supported by some web hosts. In those cases, there is a need to encrypt the data (POST/GET) that is sent when you submit a form, because if you don’t, your data will be sent in plain text. So I ran into jCryption, a JavaScript-based HTML form encryption plugin. The encryption is performed using the RSA public-key algorithm and supports form data encryption up to 2048 bit.

  • jCryption encrypts on the client with JavaScript and decrypts on the server with PHP.
  • A keypair is automatically generated on every request to send data by the user. This adds an extra layer of security.
  • jCryption was built on top of the Multiple-Precision library and uses the Barrett Modular Reduction library as well.
  • It is completely free and has been dual licensed under the MIT and GPL licenses.
  • Has been tested and works with all modern browsers such as Firefox 3, Chrome, Opera 9+ and legacy browsers such as IE6.

Caution when considering jCryption

  • jCryption must not be used as a replacement for SSL, as it currently provides neither authentication nor protection against MITM (man-in-the-middle) attacks.
  • Because the encryption is performed on the client side, if the client has disabled JavaScript, which may be the case in some corporate environments, the form data will be sent unencrypted.
  • File uploads are also not encrypted, for performance reasons: there is no fast way of accessing and applying encryption to data inside a file.
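
The first caution can be seen in a small model of the exchange. This is an added example, not jCryption's code: `submitForm`, `channel` and `demo` are hypothetical names, the RSA is the textbook form with tiny constructed primes, and the form value is a constructed number.

```javascript
// Added illustration, not jCryption code. Textbook RSA with tiny constructed
// primes and no padding: enough to model the exchange, never for real use.
const modPow = (b, e, m) => {
  let r = 1n;
  for (b %= m; e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
};
// Modular inverse of a mod m (extended Euclidean algorithm).
const modInv = (a, m) => {
  let [r0, r1, s0, s1] = [a, m, 1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1, s0, s1] = [r1, r0 - q * r1, s1, s0 - q * s1];
  }
  return ((s0 % m) + m) % m;
};
const makeKeypair = (p, q, e) => {
  const n = p * q;
  return { pub: { n, e }, priv: { n, d: modInv(e, (p - 1n) * (q - 1n)) } };
};
const encrypt = (pub, m) => modPow(m, pub.e, pub.n);
const decrypt = (priv, c) => modPow(c, priv.d, priv.n);

// Hypothetical model of one form submission over plain HTTP. `channel` is the
// network path: it either delivers the server's public key or a different one.
function submitForm(fieldValue, serverKeys, channel) {
  const keySeenByBrowser = channel(serverKeys.pub); // no signature, no pinning
  // The browser encrypts to whatever key arrived; it has nothing to check it against.
  const ciphertext = encrypt(keySeenByBrowser, fieldValue);
  return {
    ciphertext,
    serverRecovers: decrypt(serverKeys.priv, ciphertext) === fieldValue,
  };
}

function demo() {
  const server = makeKeypair(61n, 53n, 17n);     // constructed toy server key
  const thirdParty = makeKeypair(89n, 97n, 5n);  // constructed key of an on-path party
  const field = 1234n;                           // constructed form value, as a number
  const intact = submitForm(field, server, (pub) => pub);
  const replaced = submitForm(field, server, () => thirdParty.pub);
  return {
    intactServerRecovers: intact.serverRecovers,      // true
    replacedServerRecovers: replaced.serverRecovers,  // false: server gets garbage
    thirdPartyReads: decrypt(thirdParty.priv, replaced.ciphertext) === field, // true
  };
}
console.log(demo());
```

Generating a fresh keypair per request does not change this outcome, because the new public key still reaches the browser over the same unauthenticated channel.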

jCryption is hosted on Google Code and is available for download.

Still not convinced? Check out the jCryption demo.

How to Get a Google Wave Account

Google Wave is a new tool for communication and collaboration on the web, coming later this year. Watch the demo video below, sign up for updates and learn more about how to develop with Google Wave.

Instead, if you’re a developer, fill out the form at https://services.google.com/fb/forms/wavesignupfordev/

Or, if you’re not a developer, fill out the form at https://services.google.com/fb/forms/wavesignup/

These are the only ways to get a Google Wave account.

PS, the Wave blog has the latest on roughly when to expect accounts:

* For developers —

http://googlewavedev.blogspot.com/2009/07/google-wave-sandbox-update.html

* For non-developers —

http://googlewavedev.blogspot.com/2009/07/google-wave-updates-from-todays.html

How to Break Web Software

Mike Andrews was one of the coolest and most knowledgeable professors I had the opportunity of learning from, while at school @ Florida Tech.

Mike is currently working as the Principal Consultant at Foundstone/McAfee, taking a break from teaching.

At school, we did not have videotaped lectures, but I did find this video of Mike talking at Google on how to break web software and how web applications are attacked. He walks through a testing framework for evaluating the security of an application and takes some deep dives into a few interesting and common vulnerabilities and how they can be exploited.

A video used to be embedded here but the service that it was hosted on has shut down.

How to edit any Webpage on the fly using JavaScript

OurPicks has an interesting code snippet on their forums: a simple piece of JavaScript that lets you edit any webpage, static or dynamic, on the fly.

Let us try this:

Step # 1: Go to any website. Let us go to Slashdot.org

Step # 2: Delete everything in the address bar

Step # 3: Paste the following JavaScript code in the address bar

javascript:document.body.contentEditable='true'; document.designMode='on'; void 0

Step # 4: Enjoy

Webpage edit of Slashdot on the fly