0

I am using the following code to send my username and password to the backend. The reason that I am sending them in this way is that I am showing the login form in a lightbox and need to show the result messages "You are authenticated", "Not authorized" in the lightbox without closing it.

 <form id="authform" onsubmit="return authenticate()">
   ...

I am wondering if it is a secure practice to send the username and password through AJAX to the backend. If it is not, what would be a better approach, as I need to show the form in a lightbox and need to keep it open to show the results?

J888
  • Anything sent over the wire will be vulnerable to "inspection". When doing so, you should, at the very least, ensure that the connection is using `https`, which will encrypt the data as it's passed over the wire. – MadProgrammer Oct 28 '13 at 01:19
  • How to ensure the connection is https and not http? – J888 Oct 28 '13 at 01:20
  • I'm afraid, that's beyond my knowledge of JavaScript :P - A quick [Google](https://www.google.com.au/search?q=javascript+detect+https&oq=javascript+detect+https&aqs=chrome..69i57j0l5.4428j0j7&sourceid=chrome&espv=210&es_sm=93&ie=UTF-8) turned up [this](http://stackoverflow.com/questions/2855529/js-detect-https), but you might like to do some more digging around to see if this is the best option... – MadProgrammer Oct 28 '13 at 01:21
  • J888, since I assume this is your server you're sending it to, you need to set it up to use SSL. – Evan Oct 28 '13 at 01:23

1 Answer

1

An AJAX request is just an HTTP request; essentially it's the same as what happens if you were to write your form to submit the form data through a new page load. The form data is sent as POST data in the HTTP request whether or not the request is performed asynchronously.

As others have suggested, having the request go over SSL will improve security. You should consult your web host on how to purchase and install an SSL certificate.

andrewvnice
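As an added example (not part of the original question or answer), one way to apply the advice above in the browser: the code refuses to send the credentials unless the target URL is HTTPS, puts them in the POST body, and returns the text to show in the lightbox. The `/login` path, the function names, the status-code mapping and the fallback messages are assumptions.

```javascript
// Added example; LOGIN_PATH and all function names are hypothetical.
const LOGIN_PATH = "/login"; // assumed endpoint, not from the original post

// Build the POST request for the credentials, refusing any non-HTTPS target.
function buildLoginRequest(pageUrl, username, password) {
  const target = new URL(LOGIN_PATH, pageUrl); // resolved against the current page
  if (target.protocol !== "https:") {
    throw new Error("refusing to send credentials over " + target.protocol);
  }
  return {
    url: target.href,
    init: {
      method: "POST", // credentials travel in the body, never in the query string
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({ username, password }).toString(),
      credentials: "same-origin",
      redirect: "error", // a login POST should not be redirected elsewhere
    },
  };
}

// Map the backend's status code (assumed convention) to the lightbox text.
function messageForStatus(status) {
  if (status >= 200 && status < 300) return "You are authenticated";
  if (status === 401 || status === 403) return "Not authorized";
  return "Login failed, please try again";
}

// Send the request and return the message; fetchImpl is injectable for testing.
async function submitLogin(pageUrl, username, password, fetchImpl = fetch) {
  let req;
  try {
    req = buildLoginRequest(pageUrl, username, password);
  } catch (err) {
    return "Login is only available over HTTPS"; // nothing was sent
  }
  try {
    const res = await fetchImpl(req.url, req.init);
    return messageForStatus(res.status);
  } catch (err) {
    return "Login failed, please try again"; // network or redirect error
  }
}
```

In the page, `authenticate()` would call `submitLogin(location.href, ...)`, write the returned text into the lightbox, and return `false` so the form does not trigger a page load. The client-side check only prevents an accidental plaintext submit; the server still has to serve the page and the endpoint over HTTPS.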