Securing and/or encrypting (hiding) POST variables in a jQuery ajax request

I have an invite form on a web application I am working on. This invite form requires the user to select an email account and then enter a username and a password. These details are sent as POST variables via an ajax request using jQuery. The problem is that I can see the entered password (as well as other POST variables) in plain text using the Mozilla plugin Firebug.

I believe being able to see the password in plain text (in Firebug) is not ideal. Is there any way I can prevent this? I tried making the ajax call FROM a page served over HTTPS and made the request over HTTPS as well but I can still see all the POST variables in plain text in Firebug.

Is there some way I could encrypt these variables client-side and then decrypt them on the server-side? Or is there some other solution?

davidadamojr asked Mar 16 '11 14:03

1 Answer

If you're using HTTPS, there's no need to worry (as long as HTTPS is properly set up, but this isn't relevant to this question).

You can see the values in Firebug because Firebug can see the headers sent by your browser, but no one except the browser can read these data.

Actually, you can't hide the value from Firebug, because the browser has to know what to send and Firebug can access everything your browser can.

krtek answered Sep 20 '22 17:09
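
As an added illustration of the answer above (not code from the original post or its author): a guard that runs before the jQuery call and refuses to send the credentials unless the page and the resolved endpoint both use HTTPS and the method is POST. The function names, the `/invite/send` path and the `app.example` host are assumptions made for the example.

```javascript
// Added example; transportProblems, buildInviteRequest and the sample
// URLs are hypothetical names, not part of the original application.

// Resolve the endpoint against the page URL the way the browser resolves a
// relative $.ajax url, then list every reason the transport would be unsafe.
function transportProblems(pageUrl, endpoint, method) {
  const page = new URL(pageUrl);
  const target = new URL(endpoint, page); // handles relative and //host forms
  const problems = [];
  if (page.protocol !== 'https:') {
    // A page fetched over HTTP can be altered in transit, script included.
    problems.push('page not served over HTTPS');
  }
  if (target.protocol !== 'https:') {
    problems.push('endpoint not HTTPS');
  }
  if (String(method).toUpperCase() !== 'POST') {
    // With GET, jQuery appends the data to the URL, which ends up in
    // server logs and browser history.
    problems.push('credentials would travel in the URL');
  }
  return problems;
}

// Build the settings object for $.ajax, or throw before anything is sent.
function buildInviteRequest(pageUrl, endpoint, fields) {
  const problems = transportProblems(pageUrl, endpoint, 'POST');
  if (problems.length > 0) {
    throw new Error('refusing to send credentials: ' + problems.join('; '));
  }
  return {
    url: new URL(endpoint, pageUrl).href,
    type: 'POST',
    data: {
      email: fields.email,
      username: fields.username,
      password: fields.password, // visible in dev tools, encrypted on the wire
    },
  };
}

// Browser usage (jQuery loaded, formValues read from the invite form):
//   $.ajax(buildInviteRequest(location.href, '/invite/send', formValues));
```

The password still appears in Firebug with this guard in place; the guard only ensures the request leaves the browser inside a TLS connection.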