tags:

views:

4030

answers:

2
+8  Q: 

Is encrypting AJAX calls for authentication possible with jQuery?

I'm fairly new to the AJAX methodologies (I only recently discovered jQuery a short time ago). I am interested to know if there is anyway to authenticate a user on a PHP setup; securely.

Does jQuery have any special options to allow use of HTTPS (or any other way to encrypt my ajax call)?

Yes, I could very well just post data back to the server, but that ruins the fun. Thanks in advance. :)

+7  A: 

To use Ajax over HTTPS, you have to load the originating page over HTTPS.

Same origin policy

So, in a sense, yes -- but, not on its own.

Jonathan Lonowski  2008-09-29 09:23:04
"While it is not possible to directly query websites for data due to the same origin policy, the <script> tag does not honor the same-origin policy and can be used in conjunction with JSON." - from the link you provided. Are you sure?
RodgerB  2008-09-29 09:29:38
Using a script tag in conjunction with JSON is JSONP. You provide a javascript callback method (as a string) in your ajax request. The server then returns the JSON response as a parameter of this callback function. http://www.west-wind.com/Weblog/posts/107136.aspx. JSONP doesn't use XmlHTTPRequest
Luke Smith  2008-09-29 11:23:40
Thanks for the explanation of JSONP. Does that prove the initial poster correct?
RodgerB  2008-09-29 13:13:40
What if the login box is a popup on an http page -- the home page or any part of the site. I need to make it use https for the ajax login call, but I am not able to unless the whole site is encrypted? That's ridiculous...
lhnz  2010-04-07 12:26:39
A: 

Unless jQuery already does this (I use MooTools so I wouldn't know) I'd highly suggest that you link the AJAX login to the PHP session by using a $_GET variable in the query string. This way even though it's through HTTPS, you'll still know what session its tied to for an added layer of protection.

The Wicked Flea  2008-10-03 22:49:02

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases