How to send user information securely using Ajax?

4

I am developing a login system and need to send the values through Ajax. The login will be in a modal window on the home page, and because of this I will not use the HTTPS protocol. Can you send Ajax securely using SSL?

    
asked by anonymous 05.04.2014 / 02:07

1 answer

2

You can never do a secure operation on http, even if you plan to only use a service on https. This can seriously compromise system and user security; depending on severity, it can lead to a lawsuit for the victim and your client (if you are working for a third party).

In order for your site to always open on https, you can configure the application's http server (or ask your host to do so) to always make requests on https.

A tip: I believe that on any http server worth its salt, it is possible to define which content types do not need to be safe, such as CSS files and images.

The reason is that the data on the page remains unsecured: if the hacker, for example, waits for a token on your page, he can get it as soon as the client receives the authorization, and so he can have full access to the victim's account. This can easily be done through ads or browser extensions, for example.

So you can even continue using a modal, as long as it's on https. The difference is that all traffic on https is encrypted, which means that only your server and the user's machine "know how to unscramble" that data.

I hope I have helped.

    
06.04.2014 / 03:43
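One way to force HTTPS at the application layer, as an added example that is not part of the original answer: a Node.js request handler that redirects plain-HTTP page loads and refuses plain-HTTP form or Ajax posts. `CANONICAL_HOST`, `enforceHttps` and `handler` are hypothetical names, and the code assumes Node terminates TLS itself (behind a TLS-terminating proxy, `req.socket.encrypted` is not set).

```javascript
// Added example: pass `handler` to both http.createServer() and https.createServer().
const CANONICAL_HOST = 'www.example.com'; // assumption: the site's HTTPS host name
const HSTS = 'max-age=31536000; includeSubDomains';

// Decide how to answer a request, given whether it arrived over TLS.
// Returns { status, headers } for a forced response, or null to let the app run.
function enforceHttps(method, url, isSecure) {
  if (isSecure) return null;
  if (method === 'GET' || method === 'HEAD') {
    // Only origin-form paths are reflected; anything else goes to the root.
    const path = typeof url === 'string' && url.startsWith('/') ? url : '/';
    // Redirect to the fixed host, never to the client-supplied Host header.
    return { status: 301, headers: { Location: 'https://' + CANONICAL_HOST + path } };
  }
  // A POST over HTTP has already sent its body (e.g. login fields) in clear
  // text. Refuse it instead of redirecting, so the mistake is visible and fixed.
  return { status: 403, headers: { 'Content-Type': 'text/plain' } };
}

function handler(req, res) {
  const isSecure = Boolean(req.socket && req.socket.encrypted);
  const forced = enforceHttps(req.method, req.url, isSecure);
  if (forced) {
    res.writeHead(forced.status, forced.headers);
    return res.end();
  }
  // On HTTPS responses, tell the browser to use HTTPS for future visits.
  res.setHeader('Strict-Transport-Security', HSTS);
  // Application routes, including the Ajax login endpoint, go here.
  res.end('ok');
}
```

With this in place the modal's Ajax call must target an `https://` URL from a page that was itself loaded over HTTPS; a login POST sent to the HTTP port gets a 403 rather than being silently accepted.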