jQuery,sending password via ajax?

Question

I have registration box,and I want users to register via ajax. Is it safe to send password via jquery ajax? If not,can someone explain what to do to secure password data,any

Answer 1

It's just as safe/unsafe as sending the password via a full post-back. You need to use an encrypted connection in order for it to be safe(r). Use SSL (https://).

Answer 2

Make sure that you're sending it via POST and use SSL rather than plain old http and you should be fine. Sending it via AJAX does not make it less safe than a regular post.

See this answer (and another discussion here) for a more in depth explanation, but the jist of it is that the request you're making, and the information that is transmitted over the wire is fundamentally the same whether its an AJAX request or form submit.

Answer 3

If you want to go one step further with security. You don't even need to collect the users password, you can generate a hash (with salt!) on the client side with something like this http://www.movable-type.co.uk/scripts/sha1.html then you never see the password, only the hash

The only issue with this is javascript is required. you can easily do a fallback however

Answer 4

If you're using HTTPS (SSL) (and please do for anything that needs to be secure) then yes an AJAX request is no more or less safe than a full postback to the server.

Answer 5

Just to clarify, there is not a 100% secure method to send any kind of data with Ajax, or even a normal POST.

A good practice is to use SSL/TLS Certificates, if you have a good SSL/TLS certificate nobody can sniff out the password from observing your network traffic.

Unfortunately these services are not free. (*)

If you don't want to pay for something like that and you're building a Sign Up / Log In you can simply use OpenAuth or OpenID and let people join using Social Networks avoiding many security steps both Client and Server side.

*: As suggested by Ivan Venediktov, you can now get a free SSL certificate by following this LINK.