| 摘要 |
A method and a system for external and distributed protection of Web application data against prying, tempering, and impersonation using cryptographic mechanisms. The protection is offered opaquely so as to not expose the cryptographic mechani sm to the Web application. Protection against prying prevents users from looking at da ta the Web application considers private. When protected against prying, protect da ta may be sent to the client but the userwill not be able to understand it. Protection against tempering, guaranties the Web application that the data it is receiving originated from a trusted source, usually the Web application itself. A user session state stored client-side is a good candidate for tempering protection. Protection against impersonation ensures the Web application that the data it is receiving come s from a specific user. |
