Link
Why pay for an SSL certificate when JavaScript does it, too?»
This is a very nice solution to encrypt password fields, credit card numbers etc. in a secure way without needing an expensive SSL certificate. Of course, the authenticity function is lost (i.e. the end user can’t verify who you are, but anybody can buy an SSL certificate too so it doesn’t make much difference). The important thing is the secure transmission of the secret details.
It makes use of this RSA implementation in JavaScript. Don’t store secret information in a CookieStore session (which is used in Rails by default now) - use, for instance, EncryptedCookieStore.
