tags:

views:

389

answers:

5
+1  Q: 

posting password via ajax.get or ajax.post

hi,

I have a login form. The form is submitted via ajax to an .aspx file to actually carry out the login action. In this case, I either have to use $.get() or $.post() but each of them reveals the password (when I look in firebug).

Is there any way to hide the posting information from the user?

+2  A: 

Use https - plain http is no place to try to "hide" passwords or other valuable info.

Alex Martelli  2009-05-27 05:24:42
A: 

There is no difference in your logic and a website which uses normal posting ;-) You can use an ssl certificate to encrypt the traffic.

Shoban  2009-05-27 05:27:00
A: 

Either you can use SSL as mentioned by Alex & Shoban, or you can encrypt the password and then sent it via Ajax request.

Kirtan  2009-05-27 05:30:17
but how come I don't see this info in other web sites, which I know also don't use SSL?
Emin  2009-05-27 05:33:38
+1  A: 

ssl should be your only choice because if you will try to encrypt password on simple http... due to client side scripting your are exposing your encryption logic to users.... so ssl is right choice in this.

Usman Masood  2009-05-27 05:34:15
so shall I use server-side code to validate instead of ajax - if I cannot use SSL ?
Emin  2009-05-27 05:38:21
on http everything is going plain text.e.g.here is a simple version of login info on a http you can clearly see that its readable:<input name="username" type="text" value="test" id="usernametext" /> <input name="password" type="text" value="star" id="passowrdtext" />give a try to Zech's provided link to Javascript crypto libraries... they seem to be a good choice as they will makes the hack not easy... but still it would be possible... without SSL
Usman Masood  2009-05-27 09:31:16
A: 

It is highly recommended to use SSL if at all possible. But, you could encrypt the password before sending it using JavaScript crypto libraries.

Zach  2009-05-27 05:38:01

related questions

How do HttpOnly cookies work with AJAX requests?
ASP.NET JavaScript Callbacks Without Full PostBacks?
How to set encoding in .getJSON JQuery
Suggestions on Ajax development environment for PHP
Need to test an ajax timeout condition
XmlHttpRequest return values
Adobe AIR: Handling JSON objects from server
Best framework for implementing iGoogle or pageflakes (ASP.NET)
Is there some way to PUSH data from web server to browser?
Are there reasons not to use JSONP for AJA~X requests?
Minimize javascript HTTP calls from AjaxControlToolkit controls?
Only accepting certain ajax requests from authenticated users
ASP.net AJAX Drag/Drop?
Scrolling Overflowed DIVs with JavaScript
Speeding up an ASP.Net Web Site or Application
ICE Faces fileInput file path and file name properties
Ajax project suggestion.
Graphing JavaScript Library
Debugging: IE6 + SSL + AJAX + post form = 404 error
Best ajax library for Sharepoint
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?
What is Progressive Enhancement?
Tracking state using ASP.NET AJAX / ICallbackEventHandler
Easy way to AJAX WebControls
Modify Address Bar URL in AJAX App to Match Current State