Reputation: 1201
Security with sending ajax Request
In my web application I want to create change password page. All data such as current password, new password and confirm new password data send to changepassword.php by jquery ajax. The problem is that in firebug it shows all the data that I entered. See the figure below. I want to have security with these data How can I do it.
Upvotes: 0
Views: 71
Answers (1)
Reputation: 943615
The only person who can see the data in Firebug is the user who just typed it in so this is not a problem.
You need the data decrypted in the browser (because the user has to enter it there).
You need the data decrypted on the server (because your code has to do stuff with it there).
The only time you need to worry about the data being kept secret is when it is in transit from the browser to the server (or vice versa): Use SSL (HTTPS).
(You should also want to ensure that your passwords are stored securely in case your database is compromised, so use a robust hashing algorithm).
Upvotes: 5