weixin_33721427 2015-12-03 03:53 采纳率: 0%
浏览 15

beforeSend jquery ajax

I am making a simple login for my website and I am using ajax to interact with database. I wanted to make it a bit safe so I search for security for ajax so I search for AJAX authentication and read a question in SO regarding this. Found this and links to this. Unfortunately I dont really understand what it does or how it works. I am hoping someone would clarify this for me. In layman's term.

$(document).on('click', '#login', function() {
    var UserName = $('#username').val();
    var PassWord = $('#password').val();
    console.log(UserName);
    if (UserName) {
        if (PassWord) {
            $.ajax({
                type: 'POST',
                url: 'ajax/Login.php',
                dataType: "json",
                data: {
                    username: UserName,
                    password: PassWord
                },
                beforeSend: function(xhr) {
                    xhr.setRequestHeader("Authorization", "Basic " + btoa(UserName + ":" + PassWord));
                },
                success: function(data) {
                    if (data.error == true) {
                        $("#dialog").html(data.message);
                        $("#dialog").dialog({
                            title: "Login"
                        });
                        $("#dialog").dialog("open");
                    } else {
                        window.location = 'pages/dashboard.php';
                    }
                    //window.location = 'pages/dashboard.php';
                },
                error: function(data) {
                    alert('Login Error');
                    //window.location='../login.php';
                }
            });
        } else {
            $("#dialog").html("Password is empty!");
            $("#dialog").dialog({
                title: "Owner Information"
            });
            $("#dialog").dialog("open");
        }
    } else {
        $("#dialog").html("Username is empty!");
        $("#dialog").dialog({
            title: "Login"
        });
        $("#dialog").dialog("open");
    }

});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<input type="text" name="un" id="username" />
<input type="password" name="pw" id="password" />
<input type="button" id="login" value="Login " name="login1" style="background-color:#feaa38;width: 100px" />

This code above is my code plus the additional code I got from the link. This below is the additional code.

beforeSend: function(xhr) {
    xhr.setRequestHeader("Authorization", "Basic " + btoa(UserName + ":" + PassWord));
},

I want to know.

  1. What does ajax authentication do.
  2. Do I really need it.
  3. How do i know it is working.
  4. What does it really do.
</div>
  • 写回答

1条回答 默认 最新

  • weixin_33728708 2015-12-03 04:30
    关注
    1. Don't get too caught up on the Ajax here. This is simply taking advantage of the "Basic" Authentication that Apache Provides. The user/pass needs to match against those in the .htpasswd file that is referenced. Apache will intercept the request and then after verifying will reroute the request to the original destination and has stored the authorized session for you now.

    2. This seems like overkill. You're sending the username and password to authenticate to all future server requests (presumably) and not just to login to your software. It seems a bit much to control the user in 2 places as opposed to one.

    3. If you have protected your pages in such a way that having a password and username is required to view the site, then this will ensure that every request made must follow this. However, once they're logged in it's redundant to perform this action.

    4. This is explained through 1-3.

    This does seem like overkill, and I don't think it adds anymore security. Once someone knows one password, they know both. Ditch it.

    评论

报告相同问题?

悬赏问题

  • ¥15 宇视监控服务器无法登录
  • ¥15 PADS Logic 原理图
  • ¥15 PADS Logic 图标
  • ¥15 电脑和power bi环境都是英文如何将日期层次结构转换成英文
  • ¥20 气象站点数据求取中~
  • ¥15 如何获取APP内弹出的网址链接
  • ¥15 wifi 图标不见了 不知道怎么办 上不了网 变成小地球了
  • ¥50 STM32单片机传感器读取错误
  • ¥50 power BI 从Mysql服务器导入数据,但连接进去后显示表无数据
  • ¥15 (关键词-阻抗匹配,HFSS,RFID标签天线)