Would it be possible to implement the compressed and encrypted JSON feature in EWB in the future version.
This is to
- secure the data
- decrease the network and server load

Thanks,

EWB can already compress the output on compile - this shrinks the
resulting file quite a bit.

Otherwise rest of this i assume is a wish list for the EWB web server -
http compression and ssl (or did you want some other type of encryption?).

If you use any other back end web server (e.g. apache) you can already
use the http compression as well as ssl to achieve both of those goals.

Raul


On 7/10/2013 10:55 PM, Sittro wrote:
> Would it be possible to implement the compressed and encrypted JSON feature in EWB in the future version.
> This is to
> - secure the data
> - decrease the network and server load
>
> Thanks,
>

<< Would it be possible to implement the compressed and encrypted JSON
feature in EWB in the future version. >>

What feature are you referring to, specifically ?  I'm unaware of a
JSON-specific compression/encryption algorithm for JavaScript.

Tim Young
Elevate Software
www.elevatesoft.com

Raul wrote:

EWB can already compress the output on compile - this shrinks the
resulting file quite a bit.

Otherwise rest of this i assume is a wish list for the EWB web server -
http compression and ssl (or did you want some other type of encryption?).

Tanks Raul, I'm referring to the features that:
1. On EWB Web Server sending JSON data to EWB client:
- EWB Web Sever automatically compress (and/or encrypt) JSON data and send to EWB client application
- EWB client automatically decompress (and/or decrypt) the compressed JSON data received from EWB Web Server

2. On EWB client sending JSON data to EWB Web Server:
- EWB client automatically compress (and/or encrypt) the JSON data and sent to EWB Web Server
- EWB Web Sever automatically decompress (and/or decrypt) JSON data received from EWB client application

(For encryption, the developer can assign his encryption key)

If you use any other back end web server (e.g. apache) you can already
use the http compression as well as ssl to achieve both of those goals.

Raul


On 7/10/2013 10:55 PM, Sittro wrote:
> Would it be possible to implement the compressed and encrypted JSON feature in EWB in the future version.
> This is to
> - secure the data
> - decrease the network and server load
>
> Thanks,
>

Tim Young, You are correct. I'm referring to JSON-specific Automatic Compression/Encryption for both EWB Web Server and EWB client.

1. On EWB Web Server sending JSON data to EWB client:
- EWB Web Sever automatically compress (and/or encrypt) JSON data and send to EWB client application
- EWB client automatically decompress (and/or decrypt) the compressed JSON data received from EWB Web Server

2. On EWB client sending JSON data to EWB Web Server:
- EWB client automatically compress (and/or encrypt) the JSON data and sent to EWB Web Server
- EWB Web Sever automatically decompress (and/or decrypt) JSON data received from EWB client application

(For encryption, the developer can assign his encryption key)
-----------

"Tim Young [Elevate Software]" wrote:

<< Would it be possible to implement the compressed and encrypted JSON
feature in EWB in the future version. >>

What feature are you referring to, specifically ?  I'm unaware of a
JSON-specific compression/encryption algorithm for JavaScript.

Tim Young
Elevate Software
www.elevatesoft.com

I think this would be too proprietary as described - regular http
compression is all that's needed to accomplish this (and it's already
supported by all browsers). It's just a question on whether Tim can add
it to EWB web server (as all major web servers already support this).

The encryption with JavaScript is a tricky problem - anything pre-shared
is worthless since one can look up password in your javascript
application. Hiding it behind server login helps against random user but
is still not enough since password is still visible to all your app users.
Only way to accomplish this would be to use the user entered password
(or better yet combination of it like hash) as a encryption key but that
is something that is now very specific (since server has to en/decrypt
every communication with separate key.

You still need ssl as well of course or above is meaningless.

What exactly are you trying to accomplish that a SSL connection + user
authentication does not protect against ?

Raul



On 7/13/2013 1:53 AM, Sittro wrote:
> Raul wrote:
>
> Tanks Raul, I'm referring to the features that:
> 1. On EWB Web Server sending JSON data to EWB client:
> - EWB Web Sever automatically compress (and/or encrypt) JSON data and send to EWB client application
> - EWB client automatically decompress (and/or decrypt) the compressed JSON data received from EWB Web Server
>
> 2. On EWB client sending JSON data to EWB Web Server:
> - EWB client automatically compress (and/or encrypt) the JSON data and sent to EWB Web Server
> - EWB Web Sever automatically decompress (and/or decrypt) JSON data received from EWB client application
>
> (For encryption, the developer can assign his encryption key)
>
> If you use any other back end web server (e.g. apache) you can already
> use the http compression as well as ssl to achieve both of those goals.

Thank Raul,

>What exactly are you trying to accomplish that a SSL connection + user
>authentication does not protect against ?

I know SSL can protect us, my purpose for requesting auto encryption is just to make it easier for s/w implementation at a customer site (e.g. LAN/WAN network).

My major request is automatic JSON compression by EWB web server and client to decrease the network load. Compressed JSON data size could be 10 times smaller than the original size and might be 100 time smaller for large data because JSON data usually has many repetitive key-names.




On 7/13/2013 1:53 AM, Sittro wrote:
> Raul wrote:
>
> Tanks Raul, I'm referring to the features that:
> 1. On EWB Web Server sending JSON data to EWB client:
> - EWB Web Sever automatically compress (and/or encrypt) JSON data and send to EWB client application
> - EWB client automatically decompress (and/or decrypt) the compressed JSON data received from EWB Web Server
>
> 2. On EWB client sending JSON data to EWB Web Server:
> - EWB client automatically compress (and/or encrypt) the JSON data and sent to EWB Web Server
> - EWB Web Sever automatically decompress (and/or decrypt) JSON data received from EWB client application
>
> (For encryption, the developer can assign his encryption key)
>
> If you use any other back end web server (e.g. apache) you can already
> use the http compression as well as ssl to achieve both of those goals.

> My major request is automatic JSON compression by EWB web server
> and client to decrease the network load. Compressed JSON data size
> could be 10 times smaller than the original size and might be 100
> time smaller for large data because JSON data usually has many
> repetitive key-names.

Am I right in thinking there is no standard for doing this? I presume that the
browser doesn't have a facility that can be used? If there is such, then obviously
it should be made available. But if not, then you are putting a very heavy load on
the browser as javascript is not the fastest language available. And compressing
isn't encrypting, which is what you asked for before, encrypting being another
processor load.

The general advice though as others have said, is that if you need to protect the
user's data, then https is the only option. Anything else is just pretending to be
secure as it can be sniffed on the wire (and mobile web is very easy to sniff).

If the EWB server doesn't do https then that is where Tim's time should be put. If
you need it today, then there are solutions (I use the RemObjects SDK which
includes the Indy https server). If you want compression in the browser, then there
are javascript libraries you could link to.

/Matthew Jones/

> Am I right in thinking there is no standard for doing this? I presume that the
> browser doesn't have a facility that can be used? If there is such, then obviously

There is and browser/server do have the facility already - http
compression (usually gzip and deflate). You do this at the http server
level and not at protocol level and browser does decompression so from
Javascript perspective nothing changes.

As i mentioned before this is already supported by all major web servers
(IIS, Apache, nginx, etc) and browsers so as long as you host your web
service with one of those you already have it.

Hence the only outstanding item is requesting Tim to consider it for EWB
web server.

Same for SSL but I know that's in the list already.

Raul

Raul

> I know SSL can protect us, my purpose for requesting auto encryption is just to make it easier for s/w implementation at a customer site (e.g. LAN/WAN network).

I personally don't see a way to make this even remotely worthwhile the
effort considering the SSL being available and affordable.


> My major request is automatic JSON compression by EWB web server and client to decrease the network load. Compressed JSON data size could be 10 times smaller than the original size and might be 100 time smaller for large data because JSON data usually has many repetitive key-names.

Agreed and as i said before http compression is the way to go here so as
long as you use one of the major web servers for back end you already
have this available.

Otherwise we just have to wait and see if Tim can add it (as well as
SSL) to the EWB web server.

Though in case of SSL there are workaround already one can use (STunnel).

Raul