password ajax, jQuery, sending password via ajax?


Question:

I have a registration box, and I want users to register via ajax.

Is it safe to send a password via jQuery ajax?

If not, can someone explain what to do to secure password data? Any example?

Answer 1:

Just to clarify, there is not a 100% secure method to send any kind of data with Ajax, or even a normal POST.

A good practice is to use SSL/TLS certificates; if you have a good SSL/TLS certificate, nobody can sniff out the password from observing your network traffic.

Unfortunately these services are not free. (*)

If you don't want to pay for something like that and you're building a Sign Up / Log In, you can simply use OpenAuth or OpenID and let people join using social networks, avoiding many security steps on both the client and server side.

*: As suggested by Ivan Venediktov, you can now get a free SSL certificate by following this LINK.

Answer 2:

Make sure that you're sending it via POST and use SSL rather than plain old HTTP and you should be fine. Sending it via AJAX does not make it less safe than a regular post.

See this answer (and another discussion here) for a more in-depth explanation, but the gist of it is that the request you're making, and the information that is transmitted over the wire, is fundamentally the same whether it's an AJAX request or a form submit.
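The POST-over-HTTPS advice above, as an added example that is not part of the original thread: it builds the settings object for `$.ajax()`, refuses a non-HTTPS endpoint, and models where jQuery places `data` for GET versus POST, which shows why a GET would leave the password in the URL (and so in access logs and browser history). The endpoint, origin, field names and sample credentials are assumptions, and `wireView` is a simplified model of jQuery's serialization, not jQuery code.

```javascript
// Added example; endpoint, origin and field names are hypothetical.

// Build settings for $.ajax(), rejecting anything that would expose the password.
function registrationAjaxSettings(endpoint, username, password, pageOrigin) {
  // Resolve a relative endpoint against the page origin, as the browser would.
  const url = new URL(endpoint, pageOrigin);
  if (url.protocol !== 'https:') {
    throw new Error('refusing to send a password over ' + url.protocol);
  }
  if (url.search !== '') {
    throw new Error('endpoint must not carry a query string');
  }
  return {
    url: url.href,
    method: 'POST', // credentials travel in the request body, not the URL
    data: { username: username, password: password },
    dataType: 'json'
  };
}

// Simplified model of jQuery's behaviour: `data` is appended to the URL for
// GET requests and sent as a form-encoded body for POST.
function wireView(settings) {
  const encoded = new URLSearchParams(settings.data).toString();
  if ((settings.method || 'GET').toUpperCase() === 'GET') {
    return { requestUrl: settings.url + '?' + encoded, body: '' };
  }
  return { requestUrl: settings.url, body: encoded };
}

// Constructed sample values.
const ORIGIN = 'https://app.example';
const regSettings = registrationAjaxSettings('/register', 'alice', 'correct horse', ORIGIN);
const asPost = wireView(regSettings);
const asGet = wireView(Object.assign({}, regSettings, { method: 'GET' }));

console.log('POST url :', asPost.requestUrl); // no credentials in the URL
console.log('POST body:', asPost.body);
console.log('GET url  :', asGet.requestUrl);  // password visible in the URL

// In the browser: $.ajax(regSettings).done(onRegistered).fail(onError);
```
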

Answer 3:

If you're using HTTPS (SSL) (and please do for anything that needs to be secure), then yes, an AJAX request is no more or less safe than a full postback to the server.

Answer 4:

It's just as safe/unsafe as sending the password via a full post-back. You need to use an encrypted connection in order for it to be safe(r). Use SSL (https://).

Answer 5:

If you want to go one step further with security.

You don't even need to collect the user's password; you can generate a hash (with salt!) on the client side with something like this http://www.movable-type.co.uk/scripts/sha1.html, then you never see the password, only the hash.

The only issue with this is that JavaScript is required. You can easily do a fallback, however.
