added 397 characters in body
Rory Alsop

I understand sending passwords in the clear over GET is not considered secure because the query string can be logged by multiple eavesdroppers.

However if I REALLY need to use JSONP to submit a username and password to my server, is there a way to do it?

Maybe some crypto on the back-end and front-end?

I was just trying to have a simple approach to get my users to log in to two domains (not sub-domains) at the same time, without breaking CORS rules. Basically, what I get in my logs now is this:

GET /login/jsonp?callback=jQuery21403191181201609543_1535388742134&email=email%40gmail.com&password=SjRrNOHzN&_=1535388742135 200 32.987 ms - 130. 

I believe such a query is not secure.

edited body
Emilio

Is there a way to send a password over JSONP (GET) over HTTPS (SSL)? Crypto maybe?