I've just been scouring the net looking for a javascript public key encryption library and can't find a single one! Not even a poorly maintained old version of something... Extremely surprising. I don't have time to learn and implement a public key system from scratch. I guess I have no choice but to make sending credentials not through ajax. Any other way I can think of doing so from an http page is insecure. Or am I missing something? One way encryption would not work in my situation as I my server code needs to know the passwords entered.
Is anyone aware of ANY javascript public key encryption apis or libraries? On Jul 9, 4:13 pm, Scott <sc...@appletree.com> wrote: > I need these ajax login boxes on many pages, pages that should be > unencrypted and available for search engines to crawl. > > On Jul 9, 3:58 pm, James <james.gp....@gmail.com> wrote: > > > > > Why not make your calling page https also? > > > On Jul 9, 12:02 pm, Scott <sc...@appletree.com> wrote: > > > > hmm... that sucks... This is for allowing my members to enter > > > credentials and it's important to be able to allow this on an http > > > page. What's the best way to accomplish this? Don't other sites > > > allow javascript logins in http pages where the credentials are not > > > sent in cleartext? > > > > Is there a great library for encrypting the data in javascript with a > > > public key and then decrypting the data with a private key on the > > > server? > > > > On Jul 9, 1:01 pm, Michael Lawson <mjlaw...@us.ibm.com> wrote: > > > > > Hi Scott, > > > > > unfortunately (or fortunately depending on your POV), same domain policy > > > > applies to the whole domain, including > > > > protocol.http://www.mysite.commakingarequesttohttps://www.mysite.com is > > > > not > > > > valid > > > > > cheers > > > > > Michael Lawson > > > > Development Lead, Global Solutions, ibm.com > > > > Phone: 1-276-206-8393 > > > > E-mail: mjlaw...@us.ibm.com > > > > > 'Examine my teachings critically, as a gold assayer would test gold. If > > > > you > > > > find they make sense, conform to your experience, and don't harm > > > > yourself > > > > or others, only then should you accept them.' > > > > > From: Scott <sc...@appletree.com> > > > > > > > > > To: "jQuery (English)" <jquery-en@googlegroups.com> > > > > > > > > > Date: 07/09/2009 03:56 PM > > > > > > > > > Subject: [jQuery] $.get ajax call on http page to https on same > > > > domain > > > > > I'm successfully able to make jQuery $.get ajax calls, everything > > > > works great. But some ajax calls pass credentials, so I need those > > > > calls to be secure. I simply try $.get("https://localhost/ajax.xml";, > > > > etc...); instead of http. But now it's not working, instead of an > > > > http get call, I see in firebug an http OPTIONS request is sent to the > > > > server and without the cookies. So my tomcat server returns a > > > > redirect to my login page (as it doesn't see a session id in the > > > > cookie or url) and the ajax call fails.. > > > > > What's going on? Why doesn't it simply issue the exact same get > > > > request jQuery does when the destination url is http? How can I make > > > > this work? > > > > > graycol.gif > > > > < 1KViewDownload > > > > > ecblank.gif > > > > < 1KViewDownload
