Website Security Question.

[njdubois]

Hello there!

 

I'm in the midst of building a page on my website that allows users to change their details.  Including usernames and passwords.  I love using JS and AJAX to do these kinds of forms but feel very uncomfortable submitting these types of new details to the database over AJAX.

 

I know I can rename variables and make things hard to read, but really I would prefer to not have to do this.  I'm not submitting database field names in the URL, and my select/update strings are extremely narrowed down.  Passwords are encrypted, I've taken all the common sense steps.

 

Is there any other technology that allows updating only a part of a page, that is more secure?  It's all client side I guess, so I understand my question is pointless.  Maybe there is something?

 

Thanks

 

Nick 

[requinix]

Doing it over AJAX is just as secure/insecure as using a regular form. Really, the only difference between the two (besides the implementation) is whether the form will cause the browser to navigate to a new URL or not.

[KevinM1]

Yup.  No matter how you do it, user data will be sent to the server.  Code defensively, and you should be fine.

[martov]

Yep folks are right. Just make sure your backend is secured and don't think about it