User's Manual

7.2 Cryptography

The following example shows the use of WebIdentity for data encryption both by the server to the client and vice versa.

WebIdentity is used for encrypting the Name information (containing the name associated to the user retrieved from the

User table of the database) both when it is passed by the server to the client for display and when the client passes it to

the server for modification. The application retrieves the requested content from the local database, in this case the

Name field associated with the user, and encrypts it by using the WebIdentity server ActiveX object with an expressly-

initialized Session Random String. Hereunder the HTML page is generated; it contains the requested form with the

encrypted datum and a series of Javascripts for proper running. While running the HTML page on the client browser the

Javascripts

OnLoad_Populate()

function is automatically executed; with the aid of the client ActiveX is decrypts the

information passed by the server and enters the decrypted value in the special field. During field modification by the

user and during the request for modification transfer to the server the

OnSubmit()

Javascripts function is called for

encrypting the data to send and carrying on with transfer. The encrypted data arrives to the server which decrypts it and

enters it in the local database.

The web page, prearranged for sending confidential information to the client, is represented by the following listing

(userdata.asp):

1

2

3

4

5

6

7