17

I'm fairly new to the AJAX methodologies (I only recently discovered jQuery a short time ago). I am interested to know if there is any way to authenticate a user on a PHP setup, securely.

Does jQuery have any special options to allow use of HTTPS (or any other way to encrypt my ajax call)?

Yes, I could very well just post data back to the server, but that ruins the fun. :)

3 Answers

14

To use Ajax over HTTPS, you have to load the originating page over HTTPS.

Same origin policy

So, in a sense, yes -- but, not on its own.


5 Comments

"While it is not possible to directly query websites for data due to the same origin policy, the <script> tag does not honor the same-origin policy and can be used in conjunction with JSON." - from the link you provided. Are you sure?
Using a script tag in conjunction with JSON is JSONP. You provide a JavaScript callback method (as a string) in your ajax request. The server then returns the JSON response as a parameter of this callback function. west-wind.com/Weblog/posts/107136.aspx. JSONP doesn't use XMLHttpRequest.
Thanks for the explanation of JSONP. Does that prove the initial poster correct?
What if the login box is a popup on an http page -- the home page or any part of the site. I need to make it use https for the ajax login call, but I am not able to unless the whole site is encrypted? That's ridiculous...
@Ihnz — If you load secure content into an insecure page, you lose security. The insecure page can be subject to a man-in-the-middle attack that injects code to steal the data from the secure page. If you want security then use SSL, and keep using it. Don't use Ajax, switch the entire use of the site over to a secure connection. Aside from the previously mentioned man-in-the-middle attack, switching out of secure mode subjects you to Firesheep style attacks. The only thing that is ridiculous is expecting to get security at times when you don't use SSL.
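The scheme is part of the origin, which is why the HTTP page described in the comments above cannot simply make an HTTPS Ajax login call to the same host. The following is an added example, not code from the original thread, that checks a page/endpoint pair before a login call is wired up; `checkAjaxLogin` and the `example.test` host are made-up names for illustration.

```javascript
// Added example: classify an Ajax login call by the origin rules discussed above.
// An origin is the tuple (scheme, host, port); the URL class normalizes default ports.
function checkAjaxLogin(pageUrl, endpoint) {
  const page = new URL(pageUrl);
  // Relative endpoints such as "/login.php" inherit the page's scheme, host and port.
  const target = new URL(endpoint, page);
  const findings = [];

  // A page fetched over plain HTTP can be modified in transit, so any script
  // on it (including the login form handler) cannot be trusted.
  if (page.protocol !== 'https:') findings.push('page-not-https');

  // Credentials sent to a non-HTTPS endpoint travel in cleartext.
  if (target.protocol !== 'https:') findings.push('endpoint-not-https');

  // http://host and https://host are different origins, so XMLHttpRequest
  // treats the call as cross-origin (refused unless the server opts in via CORS).
  if (page.origin !== target.origin) findings.push('cross-origin');

  return { target: target.href, findings, safe: findings.length === 0 };
}

// Constructed sample inputs (example.test is a placeholder host).
const samples = [
  ['http://example.test/', 'https://example.test/login.php'],       // login popup on an HTTP page
  ['https://example.test/home', '/login.php'],                      // whole site on HTTPS
  ['https://example.test:443/', 'https://example.test/login.php'],  // default port, same origin
  ['https://example.test/', 'https://example.test:8443/login.php'], // different port
];

for (const [page, endpoint] of samples) {
  const r = checkAjaxLogin(page, endpoint);
  console.log(page, '->', r.target, r.safe ? 'OK' : r.findings.join(', '));
}
```

Only the pairs where the page itself is served over HTTPS from the same origin as the endpoint come back with no findings.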
3

Well, in case you are interested. There is an AES JavaScript implementation. I had lots of fun playing with it :). Still, it might be a little tricky...

1 Comment

While it's not directly answering the question about encrypting ajax calls, it's a useful link.
2

Unless jQuery already does this (I use MooTools so I wouldn't know), I'd highly suggest that you link the AJAX login to the PHP session by using a $_GET variable in the query string. This way even though it's through HTTPS, you'll still know what session it's tied to for an added layer of protection.
