简体繁体 English

是否可以使用jQuery加密AJAX调用以进行身份验证？

[英]Is encrypting AJAX calls for authentication possible with jQuery?

原文 2008-09-29 09:20:39 6 3 php/ jquery/ ajax/ security/ https

I'm fairly new to the AJAX methodologies (I only recently discovered jQuery a short time ago). 我是AJAX方法的新手（我最近才刚刚发现了jQuery ）。 I am interested to know if there is anyway to authenticate a user on a PHP setup; 我很想知道是否还有PHP设置上的用户身份验证; securely. 牢固。

Does jQuery have any special options to allow use of HTTPS (or any other way to encrypt my ajax call)? jQuery是否有任何特殊选项允许使用HTTPS（或任何其他方式来加密我的ajax调用）？

Yes, I could very well just post data back to the server, but that ruins the fun. 是的，我很可能只是将数据发回服务器，但这会破坏乐趣。 :) :)

3 个解决方案

To use Ajax over HTTPS, you have to load the originating page over HTTPS. 要通过HTTPS使用Ajax，您必须通过HTTPS加载原始页面。

Same origin policy 同源政策

So, in a sense, yes -- but, not on its own. 所以，从某种意义上说，是 - 但不是靠自己。

Well, in case you are intrested. 好吧，万一你有兴趣。 There is AES JavaScript implementation . 有AES JavaScript实现。 I had lots of fun playing with it :). 我玩得很开心:)。 Still, it might be litte tricky... 不过，它可能很棘手......

Unless jQuery already does this (I use MooTools so I wouldn't know) I'd highly suggest that you link the AJAX login to the PHP session by using a $_GET variable in the query string. 除非jQuery已经这样做了（我使用MooTools所以我不知道）我强烈建议您通过在查询字符串中使用$_GET变量将AJAX登录链接到PHP会话。 This way even though it's through HTTPS, you'll still know what session its tied to for an added layer of protection. 这种方式即使通过HTTPS，您仍然可以知道它与哪个会话相关联，以获得额外的保护层。