I'm fairly new to the AJAX methodologies (I only recently discovered jQuery a short time ago). I am interested to know if there is any way to securely authenticate a user on a PHP setup.
Does jQuery have any special options to allow use of HTTPS (or any other way to encrypt my ajax call)?
Yes, I could very well just post data back to the server, but that ruins the fun. :)
Since AJAX calls are encrypted with a session key, AJAX queries cannot be sent directly to the server. If an attempt is made to send queries directly, the response given by the page will be "Forbidden," as the page expects to receive encrypted text in the AJAX call.
AJAX calls are themselves protected against CSRF by the “Common Origin Policy” when CORS is disabled and JSONP requests are blocked. To go one step further in preventing CSRF attacks, we can implement an anti-forgery token similar to the MVC framework. AJAX calls can be called from a web application as well as from MVC. In MVC, @html.
AJAX itself will not increase or decrease the security of your site, at least if its implementation is elaborate. The client (browser) will have turned JavaScript on or off. If it is turned on, there may be more insecurities on the client side, but this won't affect your server and hence your site.
To use Ajax over HTTPS, you have to load the originating page over HTTPS.
Same origin policy
So, in a sense, yes -- but, not on its own.
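The two conditions named above (the originating page must itself be loaded over HTTPS, and the same-origin policy governs where the call may go) can be checked before credentials are sent. This is an added example, not part of the original answers; the function names and the `example.test` URLs are constructed for illustration.

```javascript
// Decide whether a credential-bearing AJAX call is safe to send from a page.
// Returns { ok, url, reason }. `endpoint` may be relative, as in
// $.ajax({ url: "/auth.php" }); it is resolved against the page URL.
function checkAjaxTarget(pageUrl, endpoint) {
  const page = new URL(pageUrl);
  const target = new URL(endpoint, page);

  if (page.protocol !== "https:") {
    // The script issuing the call arrived in clear text and could have been
    // altered in transit, so an HTTPS endpoint alone does not protect the login.
    return { ok: false, url: target.href, reason: "page not loaded over HTTPS" };
  }
  if (target.protocol !== "https:") {
    // Browsers block this as mixed content; it would also expose the password.
    return { ok: false, url: target.href, reason: "endpoint is not HTTPS" };
  }
  // An origin is the (scheme, host, port) triple; URL.origin drops default ports.
  if (target.origin !== page.origin) {
    return { ok: false, url: target.href, reason: "cross-origin (server must allow it via CORS)" };
  }
  return { ok: true, url: target.href, reason: "same-origin HTTPS" };
}

// Build the request for a login POST, refusing to do so when the check fails.
// The result can be passed to fetch(url, init) or mapped onto $.ajax options.
function buildLoginRequest(pageUrl, endpoint, user, pass) {
  const check = checkAjaxTarget(pageUrl, endpoint);
  if (!check.ok) {
    throw new Error("refusing to send credentials: " + check.reason);
  }
  return {
    url: check.url,
    init: {
      method: "POST",
      credentials: "same-origin", // send the session cookie only to our own origin
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({ user, pass }).toString(),
    },
  };
}
```

In a browser, pass `window.location.href` as `pageUrl`.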
Well, in case you are interested: there is an AES JavaScript implementation. I had lots of fun playing with it :). Still, it might be a little tricky...