Ryan Smee
3,392 Points
Is Ajax & PHP a secure way to login?
I have written a basic PHP script to send login details to a stored procedure in my db to cross-reference login details and return a Boolean. I have used Ajax to post from my login form to this script.
Is Ajax a secure method of doing these sorts of transactions? Are there any essential steps to making PHP & Ajax login securer against malicious attacks?
Cheers
2 Answers
Stone Preston
42,016 Points
Are you hashing the passwords at all?
Ryan Duchene
Courses Plus Student 46,022 Points
If done right, using Ajax to log in is no more secure or insecure than a regular page visit. Either way, you're still sending a POST request to the server, and it's still authenticating you. The only difference is in how the user perceives it. :)
Ryan Smee
3,392 Points
What do you mean by hashing the password? I'm using input type password so that it *s it out?
A simplified version of my JS is:
Stone Preston
42,016 Points
See this article on hashing passwords and PHP. You need to hash your password values. Don't store the actual password in the db, and hash what the user enters and compare it to what's in the db to authenticate.
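The hashing advice above as an added PHP example (not code from this thread or from the linked article), using PHP's built-in password_hash(), password_verify() and password_needs_rehash(). The `$users` array standing in for the database, the `authenticate()` helper, `$dummyHash`, and the sample emails and passwords are all assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. $users is a constructed in-memory
// stand-in for the database table; authenticate() is a hypothetical helper.

// Registration: store only the hash, never the plain password.
$users = [
    'ryan@example.com' => password_hash('correct horse battery', PASSWORD_DEFAULT),
];

// Hash checked when the account does not exist, so both paths do similar work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function authenticate(array &$users, string $dummyHash, string $email, string $password): bool
{
    $known = array_key_exists($email, $users);
    $hash = $known ? $users[$email] : $dummyHash;

    // password_verify() re-derives the hash using the salt and cost stored
    // inside $hash and compares the result in constant time.
    $ok = password_verify($password, $hash);
    if (!$known || !$ok) {
        return false;
    }

    // Upgrade the stored hash if PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$email] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// JSON the Ajax endpoint would return for three constructed POST bodies.
$requests = [
    ['email' => 'ryan@example.com', 'password' => 'correct horse battery'],
    ['email' => 'ryan@example.com', 'password' => 'wrong guess'],
    ['email' => 'nobody@example.com', 'password' => 'anything'],
];
foreach ($requests as $post) {
    $ok = authenticate($users, $dummyHash, $post['email'], $post['password']);
    // Same generic message for a wrong password and an unknown account.
    echo json_encode(['ok' => $ok, 'message' => $ok ? 'Logged in' : 'Invalid email or password']), "\n";
}
```

The hashing happens on the server whether the form is submitted by Ajax or by a regular page POST.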
Ryan Duchene
Courses Plus Student 46,022 Points
Going off on a tangent here. A trick with jQuery: you don't have to format the data strings themselves. Use jQuery's .serialize() method on the form and it'll extract all the data and return it.
Ryan Smee
3,392 Points
Cheers guys! I will add .serialize() and I will have a look through that article and ensure that I am handling my passwords in the correct way etc :)
Cheers!