Reputation: 18208
I have a PHP script that is used to return data to a web page via AJAX. In the PHP script a connection to MySQL is made by the specific user logged into the website, the data is downloaded, then returned to the web page. For this purpose, username and password info are passed to the script via $_GET variables (I know, very bad). This was done in haste, but now I want to fix this problem. The obvious problem is that these credentials show up when the web page loads.
What is the best (most secure) way of passing these variables to the PHP script? Encryption?
Am I going about this all wrong? Is there a better way of doing this?
Upvotes: 1
Views: 1146
Reputation: 9912
Encryption would be kind of useless here, as JavaScript is client-side and not server-side. A way to make it more secure is to use SSL and not handle the login via AJAX, but via POST without using AJAX.
Upvotes: 4
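The approach from the answer above, sketched as an added example that is not part of the original posts: the login arrives as a normal form POST over HTTPS, and the later AJAX request carries only the session cookie. The form field names, the database `appdb`, the table `reports` and the single-file layout are assumptions made for illustration.

```php
<?php
// Added example, not from the original posts. Assumed names: form fields
// "username"/"password", database "appdb" on localhost, table "reports".
// Refuse plain HTTP so the credentials and session cookie are never sent in clear.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    exit('HTTPS required');
}
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function connectAs(string $user, string $pass): ?mysqli
{
    try {
        return new mysqli('localhost', $user, $pass, 'appdb');
    } catch (mysqli_sql_exception $e) {
        return null; // wrong credentials or server unavailable
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Login: ordinary form POST; credentials are in the body, never in the URL.
    $user = (string) ($_POST['username'] ?? '');
    $pass = (string) ($_POST['password'] ?? '');
    $db = connectAs($user, $pass);
    if ($db === null) {
        http_response_code(401);
        exit('Login failed');
    }
    $db->close();
    session_regenerate_id(true); // fresh session ID after login (anti-fixation)
    // Assumption: per-user MySQL accounts as in the question, so the password is
    // kept server-side in the session; the browser only holds the session cookie.
    $_SESSION['db_user'] = $user;
    $_SESSION['db_pass'] = $pass;
    header('Location: /', true, 303);
    exit;
}

// AJAX data request: the URL carries no credentials, identity comes from the session.
if (!isset($_SESSION['db_user'], $_SESSION['db_pass'])) {
    http_response_code(401);
    exit('Not logged in');
}
$db = connectAs($_SESSION['db_user'], $_SESSION['db_pass']);
if ($db === null) { http_response_code(503); exit('Database unavailable'); }
$rows = $db->query('SELECT id, title FROM reports LIMIT 50')->fetch_all(MYSQLI_ASSOC);
header('Content-Type: application/json');
echo json_encode($rows);
```

If the application can connect to MySQL with a single account of its own, only the authenticated user name needs to go into the session and the password does not have to be stored at all.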
Reputation: 1174
Well, if you don't feel like reworking it into POST (see Kaiser's answer, +1), you could pass some additional unique encrypted $_GET variables that would act like authentication before any data is actually processed or returned.
Upvotes: 0