0

How do I securely send sensitive data like passwords to the server?

Is POST as a method enough? How do I enable https?

<form method="POST" action="/login">
  Password:
  <input type="password" name="pass">
  <button type="submit">
    Login
  </button>
</form>

Or when using an eventhandler for some button on the page, how do I enable https here:

button.addEventListener("click", function(event) {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
      // do something
    }
  };
  xhttp.open("POST", "/login", true);
  xhttp.send(<password>);
});
Improve this question

1 Answer 1

Reset to default
1

Use SSL or TLS.

Simply do. There are number of solutions. One of the most well known free solution is https://letsencrypt.org/ which is free. There are number of tutorial to use this kind of certificate on Apache, Node.js server or any others.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

So in the url it already says https:// because of the provider I use, so when I send a http it is automatically https?
If securing your data is important, you should definitely check the version of SSL you are using. Since you did not configure it yourself, some old version of SSL protocol have some vulnerabilities. If your server and client side are both HTTPS, then the data will be sent with HTTPS. No extra code.
@SomeCoder Not by default. Either the server is poorly configured (it accepts HTTP and HTTPS), either it is well configured (redirects HTTP requests to HTTPS). But even if it is well configured, when you send HTTP you contact the server in HTTP (so your data is in cleartext), then it redirects you to HTTPS. The solution to that is called HTTP Strict Transport Security or HSTS. More info e.g. on scotthelme.co.uk/hsts-the-missing-link-in-tls

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.