使用ajax发送用户名和密码是否安全?
[英]Is it safe to send username and password using ajax?
问题描述
I am using the following code to send my username and password to backend. 
我正在使用以下代码将用户名和密码发送到后端。 The reason that I am sending them in this way is that I am showing the login form in a lightbox and need to show the result messages "You are authenticated", "Not authorized" in the lightbox without closing it. 之所以以这种方式发送它们,是因为我在灯箱中显示登录表单,并且需要在不关闭灯箱的情况下显示结果消息“您已通过身份验证”,“未授权”。
<form id="authform" onsubmit="return authenticate()">
...
I am wondering if it is a secure practice to send the username and password through ajax to backend? 我想知道通过ajax将用户名和密码发送到后端是否安全? if it is not what would be a better approach as I need to show the form in a lightbox and need to keep it open to show the results. 如果不是这样,那将是更好的方法,因为我需要在灯箱中显示表单,并保持打开状态以显示结果。
1 个解决方案
解决方案1
1 已采纳 2013-10-28 01:30:26
An AJAX request is just an HTTP request, essentially it's the same as what's happening if you were to write your form to submit the form data through a new page load. AJAX请求只是一个HTTP请求,从本质上讲,这与您编写表单以通过新页面加载提交表单数据时发生的操作相同。 The form data is sent as POST data in the HTTP request whether or not the request is performed asynchronously. 无论请求是否异步执行,表单数据都将作为POST数据发送到HTTP请求中。
As others have suggested, having the request go over SSL will improve security. 正如其他人所建议的那样,让请求通过SSL可以提高安全性。 You should consult your web host on how to purchase and install an SSL certificate. 您应咨询您的网络托管商有关如何购买和安装SSL证书的信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.