2 Replies Latest reply on Jul 10, 2007 11:11 PM by BG Solutions

    Security integration

    zapian
      I am developing a shockwave[.dcr] for my web site which will post data to a URL in AES encrypted format using public key which gets decrypted at server side [URL] using the private key. Is it possible to do in Lingo? If yes please let me know something for reference. This is very urgent.
        • 1. Re: Security integration
          Level 7
          zapian wrote:
          > I am developing a shockwave[.dcr] for my web site which will post
          > data to a URL in AES encrypted format using public key which gets
          > decrypted at server side [URL] using the private key. Is it possible
          > to do in Lingo? If yes please let me know something for reference.
          > This is very urgent.

          Maybe something at
          http://www.updatestage.com/MileHighTableOProducts/products.html#Encryption

          will help.

          Also, there are many examples of AES encryption in JavaScript available, if
          you're using MX2004.

          Andrew


          • 2. Security integration
            BG Solutions Level 1
            I don’t know how AES compares to RC4 encryption (except Wiki notes that neither have been cracked) but I’ve written a matched pair of scripts in Lingo and ASP that can send encrypted data from Shockwave to ASP and back again with private keys on both sides. I’ll post the code if you’re interested. If you write the AES scripts yourself I can give you one tip that took me a long time to figure out … Lingo’s postNetText and ASP’s form request both claim to URL encode/decode strings that are not URL safe … they do but they don’t use the same method so the string you send from Lingo will not be the same as the string processed by ASP and vice versa. My solution was to hex encode the entire string before sending and decode before decrypting … for simplicity I hex encode everything although technically you only need to encode characters that aren’t URL safe. My project works as follows

            Shockwave: SQL String -> RC4 Encrypt SQL with private key -> Hex Encode -> postNetText to Server -> ASP: Hex Decode -> RC4 Decrypt SQL with private key -> Execute SQL

            I have an option switch that tells the server to return the record set either clear text or encrypted … if the record set is to be returned encrypted the process is exactly the same as above only reversed.