Sending login information via AJAX
https://stackoverflow.com/questions/604550
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Im using jQuery validate plugin and every form has multiple validation levels.
- level is by validate plugin
- level is:
- data is submitted to site
- I get a reply
- if everything is ok -> JS redirects to url
- if there is an error, it shows warnings
Now I wonder, is it safe to send login info via ajax? I know that with addons like firebug, I am also able to get all POST parameters with normal submit. But can somebody else interfere with ajax login request and steal precious data?
Solution
is it safe to send login info via ajax
You do use HTTPS, do you? If you do it's as safe as form submit.
OTHER TIPS
Are you issuing requests over HTTPS?
If you mean someone else on the network, then see the earlier comments about HTTPs.
If you mean "can someone inject something into a page and steal the data", the answer is yes. As you've observed, the user can install plugins which could do this; it's also possible that your page could be inadvertently be the target of injection via cross-site scripting or some other flaw.
