You cannot keep data encrypted on the client if you expect to allow the client to use it. Anything that you want to protect from the user should never leave the server.
for instance DVD and HD-DVD and BlueRay all attempt to keep their formats encrypted from the user, but the user is required to decrypt the data to view the content ... meaning that the user is given the keys to unlock the data .... meaning that all of their encryption methods have been broken. What you describe has big FAIL stamps posted all over it. simply use HTTPS and protect the data while in transit, and don't send anything to the client that you don't want the client to have access to. -jason On May 29, 2009, at 1:29 AM, Deep Blue wrote: > > Hi all, > > Is it possible to create an encyption / decryption layer around GWT > rpc mechanism? > > The problem is currently in GWT rpc, all the data are sent / received > from server in JSON text (although SSL can help protect middle-man > attack, but launching firefox with firebug can see all the post data > in clear text). > > Anyone got any idea how to create a layer to encrypt the data in > server side (after the serialization), and decrypt it in client side > (before the deserialization)? > > I know it can't totally prevent the user from decrypting (since the > decryption logic is sent to user's pc as javascript), but it is better > than expose the data in clear text just using firebug plugin. > > Thanks! > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
