如何安全是它来发送使用AJAX明文密码? [英] How safe is it to send a plain text password using AJAX?
问题描述
也许标题是不好措辞,但也想不出来的说这更好的方法。
Maybe the title is badly phrased but couldn't think of a better way of saying it.
我工作的一个登录系统的时刻(没有正式的,只是实验),并计划使用PHPLiveX(一个AJAX库)的一些功能。基本上你创造一些PHP函数然后将其通过JavaScript调用。您可以添加参数(的getElementById),以被转移到PHP函数的JavaScript。
I am working on a login system at the moment (nothing formal, just experimenting) and was planning on using PHPLiveX (an AJAX library) for some features. Basically you create some PHP functions which are then called via JavaScript. You can add parameters (getElementById) to the JavaScript that are transfered to the PHP function.
我真正想知道的是,它是否是安全的,只是调用从JavaScript函数,不必先把加密的密码,然后让PHP函数进行加密(SHA256在这种情况下)。通过AJAX传输的数据可以被拦截?如果是这样的可能性有多大呢?
What I really wanted to know is whether it is safe to just call the function from JavaScript without encrypting the password first, then letting the PHP function encrypt it (SHA256 in this case). Can the data transfered via AJAX be intercepted? If so how likely is this?
推荐答案
没有更多或小于通过浏览器发出一个普通的HTTP POST请求的安全(如从<形式GT; )
No more-or-less safe than a normal HTTP POST request issued by a browser (as in from a <form>)
帮了,这是相同的修复非AJAX请求 - 使用SSL
The "fix" for this is the same "fix" for non-AJAX requests - use SSL.
这篇关于如何安全是它来发送使用AJAX明文密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
