
28,736 Points

$.ajax() method for user authentication? Don't get it.

Hi everyone,

Lately I've decided to finish the course about Ajax and I've started to review everything from the beginning.

However, there is now something I don't get: why should I use the $.ajax() method for user authentication, as stated at the end of the video?

If I ask this, it's because I'm working on a personal project right now and at the moment I have a simple authentication system. This works pretty well and I don't use $.ajax() at all, I use $.post().

In fact I just send the password to the server using the post method, and the PHP file where the data is sent does the checking, in PHP...

  • Is there anything wrong with what I do that I should be aware of?

And once again

  • Why should I use the $.ajax() method for user authentication, as stated at the end of the video?

Thanks in advance

I know you've solved the main problem at hand, but I just want to make sure you're aware of a few things. Sending users' sensitive data via AJAX is kind of safe if you're using an SSL certificate and JSONP for the connection so that the data can be encrypted on the user's end and then decrypted on the server's end. If you're not using an SSL certificate to send the data, a man-in-the-middle attack will easily grab the plain text data being sent and allow a malicious user to get hold of and use other users' information for their own ends. It's ill-advised to use AJAX for user authentication, though, because although the plain text data is encrypted when transmitted from both ends, the plain text information can still be seen on the client computer and if someone has remote access to that machine, they can grab the data as they like. You'd have to rely on a client-side encryption/decryption algorithm, but you shouldn't rely on a JavaScript-based encryption/decryption algorithm, because the code can be seen by the client and thus easily reverse engineered.

The best way to handle user authentication is still a server side language like NodeJS/PHP/Ruby/Python/etc., along with an SSL certificate, because the user (or any person sniffing on the connection) cannot see the data that is being processed by the server, unlike with client-side languages.

2 Answers

$.post() is the shorthand of $.ajax(). There shouldn't be any difference between these two ways. If you need more control over the request and want different settings, e.g. handling errors, $.ajax() will be the function of your choice. In your case, I think $.post() will satisfy your needs, because on a personal project you know the errors that occur.

28,736 Points

Ok, thank you, your answer comforts me because I had a little doubt about what I did within my project.

Glad to help!

28,736 Points

@Marcus Parsons, those are indeed the concerns I had in mind. Finally I still use the $.post method for this user authentication. The checking of the password is indeed done using PHP. I do this verification inside the file used by the ajax call. I don't have a check on the client side at the moment. I encrypted the password. I still somewhat have to enhance it anyway. I probably won't use SSL here, it's an application allowing users to report bugs, comment on these bugs and for admins, they'll just have the possibility to manage all these bugs (basically a lightweight bug tracker) so sensitive data won't be used...

I'll post the project once finished, it's going to last one to three months yet, I guess.

Thank you for your enlightenment.

Anytime man. That sounds like it'll be pretty cool, and I can't wait to see it! Good luck, Geoff!
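
The relationship between $.post() and $.ajax() discussed in this thread, as an added example that is not part of the original posts: it builds the settings object that `$.post()` hands to `$.ajax()`, then adds the timeout and error handling that only `$.ajax()` exposes. The endpoint `/login.php`, the field names, the result labels and the status codes the server returns are assumptions made for illustration.

```javascript
// Added example; LOGIN_URL and the field names are hypothetical.
const LOGIN_URL = "/login.php";

// $.post(url, data, success, dataType) is shorthand for $.ajax() with
// exactly these settings and nothing else.
function postAsAjaxSettings(url, data, success, dataType) {
  return { type: "POST", url: url, data: data, success: success, dataType: dataType };
}

// The same login request with the extra control $.ajax() gives.
// pageProtocol is location.protocol of the page making the call.
function loginSettings(pageProtocol, username, password, onResult) {
  if (pageProtocol !== "https:") {
    // A relative URL inherits the page's scheme, so on an http: page the
    // password would cross the network in plain text. This is a sanity
    // guard only; the page itself still has to be served over HTTPS.
    throw new Error("refusing to send credentials over " + pageProtocol);
  }
  const settings = postAsAjaxSettings(
    LOGIN_URL,
    { username: username, password: password },
    function () { onResult("ok"); },
    "json"
  );
  settings.timeout = 5000; // milliseconds; $.post() has no way to set this
  // error(jqXHR, textStatus, errorThrown) runs on HTTP errors and timeouts.
  settings.error = function (jqXHR, textStatus) {
    if (textStatus === "timeout") return onResult("timeout");
    if (jqXHR.status === 401) return onResult("bad-credentials"); // assumed server reply
    if (jqXHR.status === 429) return onResult("rate-limited");    // assumed server reply
    return onResult("server-error");
  };
  return settings;
}

// In a page with jQuery loaded (showMessage is a hypothetical UI callback):
//   $.ajax(loginSettings(location.protocol, user, pass, showMessage));
```

The password check itself still happens on the server, as in the PHP setup described in the question; the client code only decides how to send the request and how to report the outcome.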