Hide $_POST content with AJAX


freelance84

Just getting to grips with the basics of AJAX...

 

One thing I have noticed though, if you have the "console" of "firebug" running whilst you click around on your page, you can see all the activity....

I am now trying to change the log in to AJAX for a site... however I noticed it is very easy to see what the information sent was, even when using $_POST...

 

Here is the simple HTML of the log in:

Username<br/>
<input type="text" id="username" value=""/><br/>
Password<br/>
<!-- type="password" masks the characters on screen as they are typed -->
<input type="password" id="password" value=""/><br/>
<input type="button" value="Sign In" onclick="postLogIn()"/>

 

Here is the awaiting js function:

/* login via AJAX with POST */
function postLogIn() {
	var xmlhttp;
	/* create the request object */
	if (window.XMLHttpRequest) {
		/* code for IE7+, Firefox, Chrome, Opera, Safari */
		xmlhttp = new XMLHttpRequest();
	} else {
		/* code for IE6, IE5 */
		xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
	}
	/* get the username and password */
	var username = document.getElementById('username').value;
	var password = document.getElementById('password').value;
	/* set the URL and the POST body; encodeURIComponent keeps a "&" or "="
	   inside a value from being read as a parameter separator */
	var url = "indexAjaxProcessor.php?test";
	var params = "username=" + encodeURIComponent(username) +
		"&password=" + encodeURIComponent(password);

	xmlhttp.open("POST", url, true);

	/* Send the proper header information along with the request.
	   Content-length and Connection are set by the browser itself;
	   scripts are not allowed to set them. */
	xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");

	/* call a function when the state changes */
	xmlhttp.onreadystatechange = function() {
		if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
			alert(xmlhttp.responseText);
		}
	};
	xmlhttp.send(params);
}

 

Is there a better way of sending log in details with AJAX... one which cannot be as easily seen with firebug? Or is this the only real way?

(Before anyone jumps in and says use jQuery... I prefer to understand what I'm using before using someone else's pre-made scripts)


Congratulations: you've discovered just how insecure HTML forms actually are.

 

You can't hide the information from Firebug, because doing so would require hiding it from the browser as well. Which wouldn't work because the browser is the thing that actually sends the information. Client-side encryption/encoding would help a little, but the original information would still be available to anybody on that machine who wanted to see it.
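
An added example, not part of either post above: since the browser console only shows users their own input, the checks worth making on the client are that the credentials travel only in the POST body, are URL-encoded, and go to the same origin over HTTPS. `buildLoginRequest`, `serverView` and `sendLogin` are hypothetical names, the endpoint name is the one from the question, and it is assumed the site is served over HTTPS.

```javascript
// Build the login request, refusing transports that expose the credentials
// to anyone other than the user and the server.
function buildLoginRequest(pageUrl, endpoint, username, password) {
  const target = new URL(endpoint, pageUrl);
  if (target.protocol !== 'https:') {
    throw new Error('refusing to send credentials over ' + target.protocol);
  }
  if (target.origin !== new URL(pageUrl).origin) {
    throw new Error('refusing to send credentials to another origin');
  }
  // Query strings end up in server logs and browser history, so the
  // credentials go in the body only. URLSearchParams encodes "&" and "=".
  const body = new URLSearchParams({ username, password }).toString();
  return {
    method: 'POST',
    url: target.href,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body
  };
}

// What a form-urlencoded parser on the server sees for a given body.
function serverView(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Browser-only wrapper: sends the request with XMLHttpRequest.
function sendLogin(username, password, onDone) {
  const req = buildLoginRequest(window.location.href,
    'indexAjaxProcessor.php', username, password);
  const xhr = new XMLHttpRequest();
  xhr.open(req.method, req.url, true);
  xhr.setRequestHeader('Content-Type', req.headers['Content-Type']);
  xhr.onreadystatechange = function () {
    if (xhr.readyState === 4) onDone(xhr.status, xhr.responseText);
  };
  xhr.send(req.body);
}

// Constructed sample: a password containing "&" and "=".
const samplePassword = 'p&admin=1';
// Plain concatenation, as in the question's original code: the server
// receives a truncated password plus an extra "admin" parameter.
const naiveBody = 'username=bob&password=' + samplePassword;
// Encoded body: the server receives the password intact.
const safeBody = buildLoginRequest('https://example.test/login.html',
  'indexAjaxProcessor.php', 'bob', samplePassword).body;
```

The body is still readable in the console of the browser that sent it; HTTPS is what keeps it from being read on the network between that browser and the server.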
