An AJAX submission is as secure as a normal form submission - both go via the same mechanism.
For security in both you should use HTTPS. If submitting only via AJAX you could implement client-side encryption with a public key, the server can then decrypt this, but this wouldn't apply to normal form submissions hence I suggest HTTPS. On 7/6/07, Shelane <[EMAIL PROTECTED]> wrote:
I'm sure someone out there has done a login via ajax. What's the securest way to pass a username and password into the server. Currently, I have the case where a user desires to register for an event. If the user is not logged in, he/she is presented with a login form that has a "Register for this Event" and hidden fields with event info, etc. If the user authenticates properly, there will be no issue and I'd be able to log the user in and register that user for that event. However, if the user mistypes his/her password, I have an issue. So, I'd have to take the user to another login form, retain all the "desired action" information (this could be something other than event registration) and continue this until the user authenticates properly. However, if I can authenticate that user before I have to take them away from that inital form, I can just keep them there until they authenticate properly, then move ahead once they do. Is an ajax submission even the way to go? I'm looking for ideas out there from you wonderful developers.
-- Rob Desbois Eml: [EMAIL PROTECTED] Tel: 01452 760631 Mob: 07946 705987 "There's a whale there's a whale there's a whale fish" he cried, and the whale was in full view. ...Then ooh welcome. Ahhh. Ooh mug welcome.
