Can one store sensitive information on an Internet host with complete confidence that the data is secure, while at the same time maintaining the anywhere, anytime access the Internet provides? The Host-Proof Hosting AJAX design pattern provides a mechanism to achieve this. The online password manager Passlet is one of the first implementations of Host-Proof Hosting.
Central to the Host-Proof Hosting idea is the ability for the end user to independently verify that the hosting service has not tampered with the AJAX code about to be run on the user's browser. This is to protect both against a malicious hosting service and against an external attack, were the host to be compromised.
It would be ideal if browsers performed this code verification for the user. Unfortunately, they do not today; perhaps they may in the future. A browser plug-in is the next logical tool to consider. However, a plug-in negates several of the key benefits of AJAX, namely access from any device, even those you cannot install software on. That is not to say that a code-verification plug-in is not useful; someone should write one.
This bookmarklet has been tested on Internet Explorer and Firefox. It should require only trivial modifications, if any, to work on other browsers. To use it, right-click on the link below and bookmark it as a favorite; then, on any page you wish to verify, just select it from your bookmarks. Beware: calculating SHA-1 hashes of large pieces of code can take a while, so please be patient.
Right-click on this link and add to Favorites (Bookmarks): Page Source Verifier
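The check described above, as an added example that is not the bookmarklet's own code (which is not reproduced on this page): each script's source is hashed with SHA-1 in plain JavaScript and compared with a digest obtained independently of the host. The function names, script labels and sample sources are assumptions constructed for the illustration.

```javascript
// Added example, not the original bookmarklet. SHA-1 per FIPS 180-4, synchronous, no imports.
function sha1Hex(text) {
  const msg = Array.from(new TextEncoder().encode(text)); // hash the UTF-8 bytes
  const bitLen = msg.length * 8;
  msg.push(0x80);                                          // padding: 1 bit, then zeros
  while (msg.length % 64 !== 56) msg.push(0);
  for (let i = 7; i >= 0; i--) msg.push(Math.floor(bitLen / 2 ** (8 * i)) & 0xff);
  const view = new DataView(Uint8Array.from(msg).buffer);  // big-endian word reads
  const rotl = (x, n) => (x << n) | (x >>> (32 - n));
  const K = [0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6];
  let h = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0];
  const w = new Array(80);
  for (let off = 0; off < msg.length; off += 64) {
    for (let t = 0; t < 16; t++) w[t] = view.getInt32(off + 4 * t);
    for (let t = 16; t < 80; t++) w[t] = rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1);
    let [a, b, c, d, e] = h;
    for (let t = 0; t < 80; t++) {
      const f = t < 20 ? (b & c) | (~b & d)
        : t < 40 || t >= 60 ? b ^ c ^ d : (b & c) | (b & d) | (c & d);
      const tmp = (rotl(a, 5) + f + e + K[Math.floor(t / 20)] + w[t]) | 0;
      e = d; d = c; c = rotl(b, 30); b = a; a = tmp;
    }
    h = [h[0] + a, h[1] + b, h[2] + c, h[3] + d, h[4] + e].map(x => x | 0);
  }
  return h.map(x => (x >>> 0).toString(16).padStart(8, '0')).join('');
}

// Compare each served script with a digest obtained independently of the host.
function verifySources(sources, expected) {
  return sources.map(({ label, code }) => {
    const digest = sha1Hex(code);
    const known = expected[label];
    const status = known === undefined ? 'unknown' : known === digest ? 'match' : 'MISMATCH';
    return { label, digest, status };
  });
}

// Constructed sample: ui.js differs from the published copy, extra.js has no digest.
function demo() {
  const published = { 'crypto.js': 'function enc(p, k) { return aes(p, k); }',
                      'ui.js': 'function show(m) { render(m); }' };
  const expected = Object.fromEntries(Object.entries(published).map(([l, c]) => [l, sha1Hex(c)]));
  return verifySources([
    { label: 'crypto.js', code: published['crypto.js'] },
    { label: 'ui.js', code: published['ui.js'] + ' send(m);' },
    { label: 'extra.js', code: 'init();' },
  ], expected);
}
```

The expected digests are only meaningful if they reach the user through a channel the hosting service does not control.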
Please send feedback to firstname.lastname@example.org