Im using jQuery validate plugin and every form has multiple validation levels.
- level is by validate plugin
- level is:
- data is submitted to site
- I get a reply
- if everything is ok -> JS redirects to url
- if there is an error, it shows warnings
Now I wonder, is it safe to send login info via ajax? I know that with addons like firebug, I am also able to get all POST parameters with normal submit. But can somebody else interfere with ajax login request and steal precious data?
-
Are you issuing requests over HTTPS?
-
is it safe to send login info via ajax
You do use HTTPS, do you? If you do it's as safe as form submit.
FrEaKmAn : Thank you for suggestion, will add this feature right away...Vladimir Dyuzhev : Here "thank you" is expressed by clicking on "accept answer" or "arrow up" ;) -
If you mean someone else on the network, then see the earlier comments about HTTPs.
If you mean "can someone inject something into a page and steal the data", the answer is yes. As you've observed, the user can install plugins which could do this; it's also possible that your page could be inadvertently be the target of injection via cross-site scripting or some other flaw.
0 comments:
Post a Comment