Hello!
This question has been stumping me for quite some time, the past few days actually. I've kinda managed to implement Google Plus Sign-In OAuth 2.0 into my login page, where users can simply sign in to my site through their Google account. The great pro of this is that I won't need to create a registration page and mess with a bunch of passwords etc., but here's the problem.
I have a form that submits through client-side JavaScript with AJAX, and it only allows those who are logged in to view the form. So basically the question is: if the user were to submit the form, how can I justify the legitimacy of the user's credentials and login state, since everything is passed to the server through a client-side AJAX script? The odds are it can be brute-forced and modified to trick the script, so that someone may disguise himself/herself as one of the logged-in users.
I have very minimal experience with credentials and logins, so please enlighten me.
Thank you.