pablitoman Posted February 1, 2017 (edited)

Hi everyone! In Chapter 15 the Ajax is using the GET method to send sensitive information like email and password, which can be seen in the browser. I don't understand why; I'm confused about that, because through the entire book Larry said to use the POST method and it is actually used in login.php. Why then is login.ajax.php using GET? And we can actually see that in the browser inspector?

Edited February 1, 2017 by pablitoman
Larry Posted February 8, 2017

You could just as easily use POST. I think a login is not a clear right way for POST vs. GET with Ajax in that it's kind of requesting information (i.e., GET) but also arguably affecting an action (i.e., POST). With respect to seeing the data in the browser inspector, yes, that's true, although if someone can access your browser inspector while you're in the process of logging in, you have bigger security problems than GET vs. POST. And, more importantly, POST Ajax data would be visible in the browser inspector, too.
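As an added illustration (not code from the book or from either poster), the sketch below builds the GET and POST forms of the login request and checks where the fields end up: both are visible in the inspector, but only GET places them in the URL, which browser history and typical server access logs record. The host, field names and credentials are constructed sample values, and the two URL-based records are assumed defaults.

```javascript
// Added example: where login fields end up for GET vs POST Ajax requests.
// login.ajax.php comes from the thread; the host, field names and
// credentials below are constructed sample values.
const ENDPOINT = 'https://example.test/login.ajax.php';

// Describe the request the browser would send for the given method.
function buildLoginRequest(method, fields) {
  const params = new URLSearchParams(fields).toString();
  const url = new URL(ENDPOINT);
  if (method === 'GET') {
    url.search = params;               // fields travel in the URL
    return { method, url: url.href, headers: {}, body: null };
  }
  return {
    method: 'POST',
    url: url.href,                     // URL carries no fields
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: params,                      // fields travel in the request body
  };
}

// Places that keep the request URL but not the body (assumed defaults:
// browser history and a typical web server access log request line).
function urlBasedRecords(req) {
  const u = new URL(req.url);
  return {
    history: req.url,
    accessLog: `"${req.method} ${u.pathname}${u.search} HTTP/1.1"`,
  };
}

// True if the secret appears in any URL-based record.
function leaksInUrl(req, secret) {
  const needle = encodeURIComponent(secret);
  return Object.values(urlBasedRecords(req)).some((v) => v.includes(needle));
}

// The inspector's network panel shows both the URL and the body.
function visibleInInspector(req, secret) {
  const needle = encodeURIComponent(secret);
  return req.url.includes(needle) || (req.body || '').includes(needle);
}

const sample = { email: 'user@example.test', password: 'constructed-pass-1' };
const getReq = buildLoginRequest('GET', sample);
const postReq = buildLoginRequest('POST', sample);
console.log(urlBasedRecords(getReq).accessLog);
console.log(urlBasedRecords(postReq).accessLog);
```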