Is it secure to send a password through an Ajax request?
I have a login box that makes an Ajax request to check the login credentials and receive a JSON Object with any errors.
Would it be better to use form redirection instead?
[EDIT] Storing the encrypted password in the database is not a viable solution as the login and password sent via Ajax are used to access the database itself within an internal application.
To ensure the privacy and security of your data, opt for HTTPS over HTTP when sending sensitive information. With HTTPS, all communications between the server and client are encrypted, making it extremely difficult for any third party to intercept.
Just imagine the technical challenge, it's possible. With access to a one-way cryptographic function encrypt(data,key) that satisfies
encrypt(encrypt(D,A),B) == encrypt(encrypt(D,B),A)SECRET. Keep it to yourself.encrypt(password,SECRET) in the database.RANDOMencrypt(password,RANDOM) via unsecure AJAX. The actual password stays on the user's device.encrypt(encrypt(password,RANDOM),SECRET)encrypt(encrypt(password,SECRET),RANDOM)This whole process is overly complex and demanding to implement accurately and securely. Purchasing an SSL certificate and enabling HTTPS provides significantly easier access to this level of security, plus more.
Here are some ways to enhance password security:
Encrypt the password and save it in the database
On the client side: encrypt the password, then add a salt (combine with session_id string), and encrypt again
On the server side: retrieve the encrypted password from the database, add a salt (combine with session_id string), and encrypt again
[Edit: finally, compare the hash-salt-hash generated on the server with the one sent from the client]
Attempting to intercept your hash-salt-hash password is ineffective now, as it is only valid for that specific session...
Have you heard of a "zero knowledge protocol"? It's a clever way to verify a password without actually sending it over the internet. This involves communication between the user's browser and the server, all in JavaScript.
Interestingly, these protocols can still provide security even if the connection isn't encrypted. However, it's important not to solely rely on this method and neglect using SSL encryption. Otherwise, a man-in-the-middle attack could easily intercept and replace your zero knowledge protocol with a fake one that steals passwords.
I am struggling with this basic HTML/Vue/Vuetify code snippet below, and I can't seem to get it functioning as intended. const { createApp, computed, ref, reactive } = Vue; const { createVuetify } = Vuetify; const ...
I am experiencing an issue in my ReactJS project. When I attempt to upload an image using react-images-uploader, I encounter the following error: "Cannot POST /images error" Below is the code snippet for the image upload: <ImagesUploader ur ...
I am currently developing my debut single page Angular.js application and finding myself in a bit of a rut when it comes to programmatically compiling/evaluating a custom directive to insert it into the DOM from within a controller. The custom directive I ...
$("td[id^='td' + myvar + '_']") Can someone help me with a solution to substitute the static value of 0 in this code snippet with the dynamic variable myvar? Thanks! ...
As of now, this is the current appearance of the code which includes a Chart.js first image preview. I am seeking advice on how to prevent my data chart from starting at the Y axis. The result of the code can be viewed below. var ctx = document.getEl ...
I need help customizing the background color of required input fields that are left empty when a user submits a form. Some of the fields are optional, but I want only the required ones to be highlighted in red. Specifically, the required fields have been ...
Recently, I've been delving into the world of Express and experimenting with a program that allows users to create events and invite others. While I know about using join tables to retrieve data, I'm curious if there's a way to organize the ...
I recently started working with Angular and I'm trying to figure out how to retrieve data from a REST API using a scope variable to determine the URI for the GET request. Imagine that I have an array of numbers being generated by a service in my app ...
Is there a way to adjust the timing for the appearance of the add-to-cart when hovering over the product-list-item? Currently, it appears when I hover over the item and disappears when I move my mouse away. .product-list-item { position: relative; w ...
I'm currently facing a challenge with my php scripts that fetch data, as they take quite a long time to complete. Consequently, this delays the loading time of highcharts on my website, since the chart is only displayed once the data retrieval process ...
I'm struggling to implement a mask for a TextField component, but so far I have not been successful. Although I attempted this solution, it did not work. No matter what method I try, the masking functionality just won't cooperate. Following the ...
My Java Server is set up to listen for messages from an Ionic 2 Client using Sockets.io. The server can successfully send messages to the client, but I am facing issues with getting the client to send messages back to the server. For example, when the jav ...
Currently, I am in the process of developing a web application using nestjs and typeorm. I have been contemplating the functionality of the following code: const r1 = await this.connection.query(sqlA) const r2 = await this.connection query(sqlB) Does th ...
var map1= new Map(); map1.set("one",1); var map2 = new Map(); map2.set("two",2); concatMap = {}; concatMap['one']= map1; concatMap['two']= map2; JSON.stringify(concatMap); //outputs : "{"one":{},"two":{}}" I als ...
I need to create a form with the following columns: fullname, email, mobile, and address. If the visitor fills out the mobile field, they should only be allowed to enter numbers. And if the visitor fills out the email field, they should only be allowed to ...
Can you help me figure out how to create nested dynamic components while maintaining the parent-child relationship? For instance, if I have data structured like this: - A --A.1 --A.2 -B --B.1 -C I want to build components that reflect this structure, su ...
My goal is to utilize HTML5 on the client side in order to convert an "image object" into a "File object" for uploading to azure blob storage. I am working with AngularJs and my approach involves: Converting the image to a file Uploading the file to blob ...
I am currently integrating the select2 library within a Bootstrap 4 modal in the following manner: <div class="form-group" id="fg-jbInd"> <label for="jbIndustry" class="control-label"gt;Industry * <sele ...
While working on my Angular project with the Highcharts API, I encountered a situation where I needed to pass a state code to a class level method after drilling down to a specific map location. Below is the snippet of my current code: ngOnInit() { this. ...
I am currently utilizing asp.net 3.5 on my project. Everything operates smoothly with a jquery function triggered by the 'hover' event. An issue arises after refreshing the browser, which triggers some divs to update using ajax calls. After th ...