Safest way to send username + password? [AJAX]

Get help using Construct 2

Post » Fri Oct 17, 2014 6:49 pm

@Ashley

How to make a log in, without make a log in? I'm confused about your description..

You said..

"If you want to check the user is logged in to your site, I would recommend using cookies or session state and simply AJAX a page that says if you're logged in or not (and the server can tell from your session/cookie)."

Cookies, session from where? And how can it be applied on Crosswalk methods..
You have any documentation or explanation to share about that?

PS: I am following the issue: https://code.google.com/p/play-games-pl ... il?id=108.. its a good implementation..
For Crosswalk.. a integration with Google Play would be quite enough to start.
B
7
Posts: 3
Reputation: 298

Post » Sat Oct 18, 2014 12:35 pm

Well you bumped a thread where I made comments about three years ago, and my stance has changed: as long as you have a decent SSL implementation, you should be OK - but you should still send password hashes and not actual passwords, so they're not even plaintext on the receiving endpoint. Anyways I don't consider myself a security expert so don't ask me.
Scirra Founder
B
359
S
214
G
72
Posts: 22,952
Reputation: 178,630

Post » Sat Oct 18, 2014 7:39 pm

There is no safe way. There is always someone there to hack it.
B
206
S
27
G
13
Posts: 1,848
Reputation: 35,846

Post » Thu May 12, 2016 8:23 am

This is what SSL is for, it will encrypt the details over the network.
B
17
S
5
G
2
Posts: 14
Reputation: 2,042

Post » Thu May 12, 2016 9:25 am

johnwalker if you say so but, me I don't trust anything. If there is will there is way. I am sure there are someone whom is better at hacking. Nothing is safe
B
206
S
27
G
13
Posts: 1,848
Reputation: 35,846

Post » Mon May 16, 2016 3:36 pm

Lordshiva1948 wrote:johnwalker if you say so but, me I don't trust anything. If there is will there is way. I am sure there are someone whom is better at hacking. Nothing is safe


I love your paranoia, but SSL (and secure server-side programming) are your best bet for now.
Secure server-side programming protects against:
https://owasptop10.googlecode.com/files ... 202013.pdf
https://www.ravenheart.ca/home
Company name changed to avoid Facebook-type shenanigans

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
18
S
5
G
1
Posts: 1,144
Reputation: 4,066

Post » Mon May 16, 2016 4:33 pm

gumshoe2029 like I said one cannot trust one another therefore forget your SSL or whatever
B
206
S
27
G
13
Posts: 1,848
Reputation: 35,846

Post » Mon May 16, 2016 4:40 pm

johnwalker wrote:This is what SSL is for, it will encrypt the details over the network.



This.
Who dares wins
B
50
S
10
G
10
Posts: 1,728
Reputation: 12,867

Post » Mon May 16, 2016 6:48 pm

Oh please give break
B
206
S
27
G
13
Posts: 1,848
Reputation: 35,846

Post » Tue May 17, 2016 5:01 am

Lordshiva1948 wrote:Oh please give break


Perhaps give yourself a break if you haven't got the faintest idea what your commenting about.

SSL is https:// connections.
Who dares wins
B
50
S
10
G
10
Posts: 1,728
Reputation: 12,867

PreviousNext

Return to How do I....?

Who is online

Users browsing this forum: No registered users and 17 guests