quick question, is it secure to use the jQuery.post function in jQuery to pass a users login information to a PHP script? Im thinking about using a piece of code like this:
$("#login_form").submit(func开发者_开发问答tion() {
var unameval = $("#username").val();
var pwordval = $("#password").val();
$.post("backend.php", { username: unameval, password: pwordval },
function(data) {
$("#status p").html(data);
});
return false;
});
I'm just wondering if this just as secure as creating a standard login form that requests a new page upon submit.
jQuery doesn't make this system less secure. You do have to worry about the same types of attacks that affect other login systems. So I would recommend using SSL as well as a CSRF token. If you don't include a CSRF token then an attacker can use other people browsers to brute force your login portal, nasty stuff.
I don't see any difference on a packet-sniffing level. You can use SSL to improve things a bit, but otherwise it's all about how you plan on setting that login cookie. A request is a request is a request.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论