password ajax,jQuery,sending password via ajax?

可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效，请关闭广告屏蔽插件后再试):

问题:

I have registration box,and I want users to register via ajax.

Is it safe to send password via jquery ajax?

If not,can someone explain what to do to secure password data,any example?

回答1:

Just to clarify, there is not a 100% secure method to send any kind of data with Ajax, or even a normal POST.

A good practice is to use SSL/TLS Certificates, if you have a good SSL/TLS certificate nobody can sniff out the password from observing your network traffic.

Unfortunately these services are not free. (*)

If you don't want to pay for something like that and you're building a Sign Up / Log In you can simply use OpenAuth or OpenID and let people join using Social Networks avoiding many security steps both Client and Server side.

*: As suggested by Ivan Venediktov, you can now get a free SSL certificate by following this LINK.

回答2:

Make sure that you're sending it via POST and use SSL rather than plain old http and you should be fine. Sending it via AJAX does not make it less safe than a regular post.

See this answer (and another discussion here) for a more in depth explanation, but the jist of it is that the request you're making, and the information that is transmitted over the wire is fundamentally the same whether its an AJAX request or form submit.

回答3:

If you're using HTTPS (SSL) (and please do for anything that needs to be secure) then yes an AJAX request is no more or less safe than a full postback to the server.

回答4:

It's just as safe/unsafe as sending the password via a full post-back. You need to use an encrypted connection in order for it to be safe(r). Use SSL (https://).

回答5:

If you want to go one step further with security.

You don't even need to collect the users password, you can generate a hash (with salt!) on the client side with something like this http://www.movable-type.co.uk/scripts/sha1.html then you never see the password, only the hash

The only issue with this is javascript is required. you can easily do a fallback however