How to send user information securely using Ajax?

Viewed 363 times

4

I am developing a login system and need to send the values by Ajax. The login will be in a modal window on the home page, and because of that I will not use the HTTPS protocol. Can you send securely by Ajax using SSL?

  • I don’t understand why you don’t use https. If you want data to transit encrypted, you need to use https.

  • Whenever the user enters the home page of the site, will he need to access it over the https protocol? One solution I found is to put an iframe inside the modal window with a link to a secure page, but I’m trying to find another way to do it.

  • Not necessarily. You can point only the ajax request to a secure url.

  • But will it transit encrypted?

  • 2

    Yes, if the request destination is an https url.

1 answer

2


You can never do a secure http operation, even if you only intend to use a service on https. This can greatly compromise system and user security; depending on the severity, it can lead to legal action by the victim and your client (if you are working for a third party).

In order for your site to always open in https, you can set up (or ask your host to set up) the application’s http server to always serve requests over https.

A tip: I believe that on any reputable http server, it is already possible to define which content types do not need to be safe, such as CSS files and images.

The reason is that the data on the page remains insecure: if the hacker, for example, waits for a token on your page, he can get it as soon as the client receives the authorization, and so he can have full access to the victim’s account. This can easily be done through ads or browser extensions, for example.

So you can even continue using a modal, as long as it is in https. The difference is that all https traffic is encrypted, which means that only your server and the user machine "know how to untangle" that data.

I hope I’ve helped.

  • The user environment will always use https, but I want to avoid it on pages where it is not necessary. If I put an iframe inside the modal window, does that resolve it?

  • I see no need for you to "avoid" using https. What would you gain by doing this?
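As an added example (not part of the original answer or its comments), here is a client-side guard in JavaScript that sends the modal's login by Ajax only when both the hosting page and the request URL are https, which is the condition the answer describes. The function names, the `/api/login` path and the example.com URLs are hypothetical.

```javascript
// Added example; checkLoginTransport, submitLogin and /api/login are hypothetical names.

// Decide whether credentials may be sent, given the URL of the page that hosts
// the login modal and the Ajax endpoint (absolute, or relative to the page).
function checkLoginTransport(pageUrl, endpoint) {
  let page, target;
  try {
    page = new URL(pageUrl);
    target = new URL(endpoint, page); // resolves relative endpoints against the page
  } catch (e) {
    return { ok: false, reason: "invalid-url" };
  }
  // The page itself must be https: a page delivered over http can be altered
  // in transit, so the script that reads the password field cannot be trusted.
  if (page.protocol !== "https:") return { ok: false, reason: "insecure-page" };
  // The request must be https, otherwise the credentials travel in clear text.
  if (target.protocol !== "https:") return { ok: false, reason: "insecure-endpoint" };
  return { ok: true, url: target.href, crossOrigin: target.origin !== page.origin };
}

// Send the login form by Ajax only when both checks pass.
// In a browser, call it with window.location.href as pageUrl.
async function submitLogin(pageUrl, endpoint, username, password) {
  const verdict = checkLoginTransport(pageUrl, endpoint);
  if (!verdict.ok) throw new Error("refusing to send credentials: " + verdict.reason);
  const response = await fetch(verdict.url, {
    method: "POST", // keep credentials in the body, never in the query string
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ username, password }),
    // A cross-origin login endpoint also needs CORS with credentials on the server.
    credentials: verdict.crossOrigin ? "include" : "same-origin",
  });
  return response.ok;
}

// Constructed sample inputs covering the cases discussed in the thread.
function runSamples() {
  return [
    checkLoginTransport("http://example.com/", "https://example.com/api/login"),
    checkLoginTransport("https://example.com/", "http://example.com/api/login"),
    checkLoginTransport("https://example.com/home", "/api/login"),
    checkLoginTransport("https://example.com/", "https://auth.example.com/login"),
  ];
}
```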
