Monday, April 11, 2011

Sending login information via AJAX

Im using jQuery validate plugin and every form has multiple validation levels.

  1. level is by validate plugin
  2. level is:
    • data is submitted to site
    • I get a reply
      • if everything is ok -> JS redirects to url
      • if there is an error, it shows warnings

Now I wonder, is it safe to send login info via ajax? I know that with addons like firebug, I am also able to get all POST parameters with normal submit. But can somebody else interfere with ajax login request and steal precious data?

From stackoverflow
  • Are you issuing requests over HTTPS?

  • is it safe to send login info via ajax

    You do use HTTPS, do you? If you do it's as safe as form submit.

    FrEaKmAn : Thank you for suggestion, will add this feature right away...
    Vladimir Dyuzhev : Here "thank you" is expressed by clicking on "accept answer" or "arrow up" ;)
  • If you mean someone else on the network, then see the earlier comments about HTTPs.

    If you mean "can someone inject something into a page and steal the data", the answer is yes. As you've observed, the user can install plugins which could do this; it's also possible that your page could be inadvertently be the target of injection via cross-site scripting or some other flaw.

0 comments:

Post a Comment