On Fri, May 29, 2009 at 3:29 AM, Deep Blue <deep.blue...@gmail.com> wrote:
> > Hi all, > > Is it possible to create an encyption / decryption layer around GWT > rpc mechanism? > > The problem is currently in GWT rpc, all the data are sent / received > from server in JSON text (although SSL can help protect middle-man > attack, but launching firefox with firebug can see all the post data > in clear text). SSL is fine. What your thinking of is impossible (& it's why there's no such thing as fool-proof DRM). You're trying to have Alice send a secret message to Bob while keeping that message secret from Alice. > > > Anyone got any idea how to create a layer to encrypt the data in > server side (after the serialization), and decrypt it in client side > (before the deserialization)? You could always supply the server's RSA public key to have the serializer encrypt the data with that prior to sending, but I don't see the purpose since the user can still use firebug to put a breakpoint in the serializer code to read the data before-hand. You're just making your life more difficult & complicated without reason. > > > I know it can't totally prevent the user from decrypting (since the > decryption logic is sent to user's pc as javascript), but it is better > than expose the data in clear text just using firebug plugin. I think you need to learn how asymmetric encryption works. Just because you have the algorithm & encryption key doesn't mean you can decrypt the data. If you're thinking of the symmetric encryption (i.e. AES), then yes, algorithm + encryption key is enough to decrypt. > > > Thanks! > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---