Encryption for Web Pages
The process of encryption scrambles data in such a way
that the original information can only be recovered using a
corresponding decryption process and the correct key.
Encryption and decryption are common techniques in cryptography
and the scientific discipline behind secure communications.
The advantages of using encrypted web pages
The main advantage of using web page encryption is that if the
web page also checks that a visitor is actually using a web
browser, is logged into your portal or other conditions that
you can require, then the web page can be inaccessible. By
"inaccessible" meaning that it cannot be read by the numerous
softwares available today designed specifically to download
your web pages and even copy your entire web site.
Because the HTML will not display then any links pointing to
images and other media files are also protected and cannot be
downloaded... that is until you allow the page to download and
decrypt to display is original form. What happens to that
content from then on does not entirely depend on the visitor as
you also have the option of using one of many copy protection
solutions (available elsewhere on this site) however this topic
is about encrypting html and web page encryption..
The disadvantages of using encryption on web pages
Everyone's first concern is usually about download times, and
while the page is decrypted on the fly (as it downloads) it
shouldn't take much longer than a normal web page. Unless a web
server is critically overloaded the decryption process only
takes milliseconds so that shouldn't be an issue. MS-SQL
databases will deliver data faster than Access databases on
later versions of Windows Server and Access databases do not
fraction as well when larger than several MB. Otherwise the
really noticeable delay with delivering encrypted web pages
will be how the visitor's web browser deals with cache and any
cache settings on your web pages (ASP may not cache pages by
default, especially those comprised mostly of code).
Decrypting web pages
To deliver encrypted web pages they need to be decrypted on the
fly (as the page is being created from data records and
templates) so a two way hash is required (for encryption and
then decryption), which cuts out most of the super secure
encryption algorithms available today because they are mostly
one way hash. To decrypt the database record representing the
web page a password or key is required.
Web page encryption Key
A key is a long sequence of bits used for encryption/decryption
algorithms.
The encryption algorithm converts the original message
mathematically based on the key to create the encrypted message.
The decryption algorithm restores an encrypted message to its
original form.
The security of web page encryption
An encrypted web page is only as good as the method used to
encrypt it, and only secure if the decryption key is not easily
obtained through either guess work or by downloading the key
from the web part. So the encryption key needs to be as complex
as possible to protect from simple guess work and persistently
generated attacks.
But it doesn't matter how complex the decryption key is if the
key is easily obtained. For this reason any html encryption
process based upon or using JavaScript (or any other code that
can be downloaded directly or as part of a web page) can never
be considered secure. JavaScript encryption is commonly used
because it doesn't require anything more than a web site and a
normal html web page. The JavaScript can be using complex
algorithms but is not secure because its code is on the page.
If it's compile it can be undone because the visitor has all
the components including the key. If its using JavaScript
encoding functions then is then it's too easy undo... simply
search for one of the many a web pages providing a free service
to anyone who can copy'n'paste.
Improving web page encryption security
ArtistScope DRM and WARM solutions do not rely on JavaScript
for encryption or decryption techniques. Instead, for web page
encryption, ArtistScope uses 64-bit private-key algorithms similar to DES. The
decryption algorithms are not part of the web
page and are not accessible from the internet. The decryption
key is only known to the web server.
- Introduction to encryption
- Image Encryption
- ArtistScope DRM (Digital Rights Management)
- ArtistScope WARM (Access Rights Management)
Return to top |
|
 |
|
