This is an example of a login system that does not require page refreshes, but is still very secure. Valid usernames and passwords for this demo are user1/pass1 and user2/pass2. Try these, and also incorrect passwords to see the results.
Please note that this is not a functional form, your input will not go anywhere.It is solely for demonstrating an XMLHttpRequest login system in javascript.
AdvantagesUser does not need to refresh the page to login.
User is notified instantly on incorrect username/password combination.
Overall user experience is more seamless.
Password is not sent in plain text ever (more secure than traditional system).
Javascript convenience with server-side security (uses PHP/MySQL).
Uses one-time use random seed to hash the password before sending (making interceptions useless).
DisadvantagesSystem is more prone to brute force attacks.
Can be minimized by adding a delay after a certain number of attempts per username or per client.
User may expect a login button.
One could still be added without reloading the page.
Older versions of Safari cannot disable a password field.
This code uses the MD5 encryption algorithm, which has since been proven to be less secure than previously thought. If you use this code, I strongly recommend you switch to a more secure encryption algorithm, such as SHA-1. For sites were security is not crucial, MD5 should suffice.
Source Download
- If you have better solution, just tell me !
0 comments:
Post a Comment