0

I'm sending sensitive data back and forth using AJAX requests in my ASP.NET MVC2 application using JSON. If I'm potentially sending back sensitive data back to the client, is there a preferred mechanism of securing the data such that it can then be decrypted by the javascript code? Is there a standard encryption library that I can use in JS and C# together?

Thanks

Improve this question

1 Answer 1

Reset to default
2

Don't send sensitive information to the client. Or if you do, use HTTPS which should protect you from man-in-the-middle. The best is to keep sensitive information on the server. Obviously depending on the level of sensibility and the kind of information you are dealing with there might be different techniques.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

This is a pretty awesome feature built into C#.net -- [ScriptIgnoreAttribute] -- msdn.microsoft.com/en-us/library/…
For me it's pretty useless. Personally I always use view models and only define the properties that the view needs. This way the serializer will only include whatever properties I have defined in my view model. Remember: never pass domain models to your views (in this case the view is a JSON representation), always define and pass view models.
"never pass domain models to your views" - I generally don't do this, but is there a good article that provides some good details on this practice?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.