SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Thread: xmlhttprequest

  1. #1
    SitePoint Member
    Join Date
    Feb 2008
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    xmlhttprequest

    Hi,

    What are the security risks in using xmlhttprequest?
    I was hoping to pass credit card details via xmlhttprequest to a script on my server although would this be a security risk?

    regards
    p_l

  2. #2
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,526
    Mentioned
    83 Post(s)
    Tagged
    3 Thread(s)
    Yes it would because the information is sent in the clear. You would be best served by using a secure server page instead.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  3. #3
    SitePoint Member
    Join Date
    Feb 2008
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks - I have changed my script to not submit card details via xmlhttprequest but through server scripting only.

    p_l

  4. #4
    SitePoint Wizard
    Join Date
    Nov 2004
    Location
    Nelson BC
    Posts
    2,310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Whether you use ajax xmlhttprequest or a regular form submit has no effect on the security of the transmitted data.

    That is determined by the protocol used, namely either http or https. I regularly use ajax over https.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •