AJAX Login System Script
Creating a secure login system using XMLHttpRequest
This is an example of a login system that does not require page refreshes, but is still very secure. Valid usernames and passwords for this demo are user1/pass1 and user2/pass2. Try these, and also incorrect passwords to see the results.
* User does not need to refresh the page to login.
* User is notified instantly on incorrect username/password combination.
* Overall user experience is more seamless.
* Password is not sent in plain text ever (more secure than traditional system).
* Uses one-time use random seed to hash the password before sending (making interceptions useless).
* System is more prone to brute force attacks.
o Can be minimized by adding a delay after a certain number of attempts per username or per client.
* User may expect a login button.
o One could still be added without reloading the page.
* Older versions of Safari cannot disable a password field.
* This code uses the MD5 encryption algorithm, which has since been proven to be less secure than previously thought. If you use this code, I strongly recommend you switch to a more secure encryption algorithm, such as SHA-1. For sites were security is not crucial, MD5 should suffice.
FreeVersion: n/a Platform(s): All Updated:
January 12, 2008