By RIA News Desk | December 21, 2006 08:00 AM EST | Reads: 6,379
Francesco Sullo has created aSSL: AJAX Secure Service Layer, an open source library built to substitute for SSL in AJAX applications. aSSL is distributed under the MIT License and implements a technology similar to SSL without HTTPS. aSSL enables the client to negotiate a secret random 128-bit key with the server using the RC4 algorithm. Once a connection has been established, data is sent and received using the BlockTEA algorithm (a derivation of DES). aSSL 1.0 uses a 64-bit key. Version 1.1 uses a 128-bit key with a technique similar to Double Key Triple DES, which Sullo calls Double Key Quadruple DES. This allows a level of security closer to AES encryption. In fact, aSSL is moving towards AES.
aSSL is an AJAX open source library built to send data safely over the Internet when SSL is not available, or not needed. aSSL is a tool for developers that includes both client-side and server-side code. It is code only and has no on-screen user interface. The library can be easily integrated into an existing web application. The developer simply uses the built-in methods to pass aSSL the data to be sent to the server: the client-side code encrypts it, sends it to the server-side code, and returns the server response.
Features:
• aSSL uses a three-key technique in which the client and the server each generate a random key in order to negotiate a third key that they use for all future transactions. (http://assl.sullof.com/assl/howitworks.asp)
• aSSL automatically keeps the connection alive by renegotiating a new key with the server before the session expires - keys are never reused, but recreated randomly at every renegotiation.
• aSSL can handle multiple, simultaneous connections with one or more servers.
What type of security aSSL can offer:
aSSL is a security tool and, when used correctly, is an excellent way to lock up data before sending and receiving it over the Internet. By nature, it is not subject to Cross Site Scripting (XSS) attacks, because it uses no cookies and does not accept user input directly. Code traveling over an aSSL connection is as secure as code traveling over an SSL connection. In fact, aSSL uses an RC4 encryption algorithm similar to the one SSL uses, and only sends encrypted data.
Says Francesco Sullo, "[...] I think that a web site with aSSL is certainly more secure than a web site without. Like everything else, it needs to be used properly, and in the right places, in order to work best. I think that sending login data via aSSL is a compromise between sending them in plain text via HTTP and sending them encrypted via HTTPS. In other words, the question is 'what level of security do you need?' aSSL is composed of a .js file and a server component. Currently, the ASP and PHP components are ready. I'm developing Ruby and Java components and in the near future I will add components in all the principal web languages (Perl, Python, TKL, etc.)."
Copyright © 2006 SYS-CON Media, Inc. — All Rights Reserved.
Francesco Sullo 12/21/06 05:49:37 AM EST
Life is strange, yesterday a security expert, Marco Manfredini, wrote to me about a vulnerability in aSSL 1.0 and 1.1, so I decided to temporarily suspend the download of the library to fix the problem.
ajax news desk 12/20/06 02:05:44 AM EST
Francesco Sullo has created aSSL: Ajax Secure Service Layer, an open source library built to substitute the need for SSL in Ajax applications. aSSL is a library distributed under MIT License that implements a technology similar to SSL without HTTPS. aSSL is composed from a file .js and a server component.