I have made a simple login form, but what is bugging me is that if you view the request (it's AJAX), you can see the user's password, i.e. ?user=Bob&pass=secret
Is this something not to worry about at all or am I doing it wrong? I can't think of a way around this.
Always use HTTPS and always opt for POST. The GET method will allow your browser to store the username and password when it stores the URL in its history and can also be sent to third-party sites, e.g., Google Analytics. Also, servers will often log the request data including query string parameters. It's pretty clear why using GET is a very bad idea.
If you are not using SSL then GET and POST are equivalent, although POST is more secure compared to GET when SSL is present.
GET sends the data unencrypted, but when you use SSL the HTTP data that is sent will be encrypted and hence it will be secure.
You can check out the related thread: Send password safely using an ajax request
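The advice in the answers above, as an added example that is not part of the original thread: a client helper that only sends credentials in a POST body over HTTPS, and a check that flags request lines carrying credentials in the query string (where history, Referer headers and access logs would record them). The host `example.test`, the `/login` endpoint and the list of sensitive parameter names are assumptions, and the sample request line is constructed.

```javascript
// Parameter names treated as secrets (assumed list; extend for your application).
const SENSITIVE = new Set(["pass", "password", "pwd", "token"]);

// Build the arguments for fetch(url, init) so that credentials travel only
// in the request body, and only to an https: endpoint.
function buildLoginRequest(endpoint, user, pass) {
  const url = new URL(endpoint);
  if (url.protocol !== "https:") {
    throw new Error("refusing to send credentials over " + url.protocol);
  }
  if (url.search) {
    throw new Error("login URL must not carry a query string");
  }
  return {
    url: url.href,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      // Form-encoded body: not stored in browser history, not sent in
      // Referer, and not part of the request line a server logs by default.
      body: new URLSearchParams({ user, pass }).toString(),
    },
  };
}

// Given an HTTP request line such as the one in the question
// ("GET /login?user=Bob&pass=secret HTTP/1.1"), return the names of
// sensitive parameters exposed in the URL. Useful as a log-review check.
function leakedParams(requestLine) {
  const [, target = ""] = requestLine.split(" ");
  const q = target.indexOf("?");
  if (q < 0) return [];
  const params = new URLSearchParams(target.slice(q + 1));
  return [...params.keys()].filter((k) => SENSITIVE.has(k.toLowerCase()));
}

// Usage in a browser (endpoint is hypothetical):
//   const { url, init } = buildLoginRequest("https://example.test/login", u, p);
//   const response = await fetch(url, init);
```

The POST body is still readable on the wire without TLS, which is why the helper rejects any endpoint that is not `https:`.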