Today I’ve found something that could be very useful for webdevelopers that need some extra security without the troubles of configuring an HTTPS server. In fact, until recently, XSP didn’t support secure HTTP, and if it didn’t support it now, it would be even more useful.
I’m talking about aSSL, a MIT/X11 Ajax library that handles all the key negociation process and from there all the data is exchanged using Ajax and AES. Altough most webservers do support HTTPS, configuring them is usually a painless process, this is not for a eCommerce/advanced websites, but it can be very handy to handle some simple but sensitive areas of your website. Logins, password recovery and other tasks that envolve private data could be handled with security without the need for the extra overhead generated when running the entire website over HTTS.
From what I understand of the project, you won’t need a paying-certificate like one from VeriSign. Usualy, browsers check some master certificate servers for the server’s true identity, but this is something that would be only possible if cross-domain Ajax was a valid reality, unfortunaly it is still a hack bound to be fixed somewhere, somehow, somewhen ^^. Yet, it is you that provide the keys, which I believe to be enough to most of those thinking about the potential uses of this library on hteir websites.
The author doesn’t seem to talk about Mono or C# support, but since I was always attracted to the cryptographic libraries I think it would be fun to cooperate with him and add support Mono.
Give it a try or see their Demo.
