Thread: AJAX via HTTPS

    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2005
    Posts
    208
    Rep Power
    19

    AJAX via HTTPS


    On my home page I want to have a login that uses AJAX. The problem I am having is sending the request using https (https://www.webiste.com/login.php). It won't work if the main page was is send via http.

    Usually you just send the login form with POST and the action as https://www.webiste.com/login.php. Is this something you cannot do with AJAX?
  2. #2
  3. 4:04 Time Not Found
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jan 2004
    Location
    Northern Virginia
    Posts
    2,273
    Rep Power
    343
    Expected behavior, the browser treats http://www.example.com/ as a different domain as https://www.example.com/.

    Remember, if the user is posting data from an http to an https, the data is unencrypted, until it actually gets to the https. Thus, if you are passing something important (credit card info, authentication info, etc), you have a security hole. If anyone is sniffing traffic, they will be able to see the data in clear text in the logs. If your data is important enough to use https, you should start the user in an https environment, why not just have your entire site in https? That's a rhetorical question, I don't really care.
    I am so smart, I am so smart, S.M.R.T ... I mean S.M.A.R.T.

    Stop Using Pop-Ups
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2005
    Posts
    208
    Rep Power
    19
    Originally Posted by vbrtrmn
    Why not just have your entire site in https
    Isn't there some down side to this? I performance slower under https?
  6. #4
  7. 4:04 Time Not Found
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jan 2004
    Location
    Northern Virginia
    Posts
    2,273
    Rep Power
    343
    Not as far as I know.
    I am so smart, I am so smart, S.M.R.T ... I mean S.M.A.R.T.

    Stop Using Pop-Ups
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    May 2006
    Location
    I'm sneaking up behind you.
    Posts
    1,490
    Rep Power
    836
    Originally Posted by KeepTrying
    Isn't there some down side to this? I performance slower under https?
    Curious to know what you would give importance to , security or performance? Assuming that performance is slow under https.

    Comments on this post

    • vbrtrmn agrees
    Why do we always seek someone, something or some thought? Are we afraid of ourselves?
  10. #6
  11. c0der
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2005
    Location
    Vancouver
    Posts
    664
    Rep Power
    159
    Isn't there some down side to this? I performance slower under https?
    This guy seems to think "complete" https doesn't scale very well. It will become a burden on your server should you ever hit it big, traffic wise. The speaker recommended embedding ssl'd iframes to reduce the load.

    Comments on this post

    • vbrtrmn agrees

IMN logo majestic logo threadwatch logo seochat tools logo