Send password safely using an ajax request

执念已碎 2020-12-30 18:01

Just to know, is it possible to send a password through an Ajax request safely?

I've a login box that calls an ajax request to try the login/pass and retrieve a JSON

4 answers
  •  北海茫月
    2020-12-30 18:32

    Here's what you could do:

    Hash Password and store in database

    On client side: hash password, then add salt (concatenate session_id string), then hash again

    On server: take hashed pw from database, then add salt (concatenate session_id string), then hash again

    [Edit: and then compare the hash-salt-hash generated on the server with the one sent from the client]

    Intercepting your hash-salt-hash password is quite useless now, because it is only valid for that particular session...
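
The hash, append session id, hash again exchange described in the answer above, as an added example that is not part of the original answer. It assumes SHA-256 with hex encoding and Node's `crypto` module (a browser client would use Web Crypto instead); all function names are illustrative.

```javascript
// Added example: hash -> append session id -> hash again, on both sides.
// Assumptions: SHA-256, hex encoding; every function name here is illustrative.
const crypto = require('crypto');

const sha256Hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Registration: the server stores only hash(password).
function storedHash(password) {
  return sha256Hex(password);
}

// Server: issue an unpredictable session id to act as the per-session salt.
function newSessionId() {
  return crypto.randomBytes(16).toString('hex');
}

// Client: hash the password, concatenate the session id, hash again.
function clientResponse(password, sessionId) {
  return sha256Hex(sha256Hex(password) + sessionId);
}

// Server: same computation from the stored hash, then a constant-time compare.
function serverVerify(dbHash, sessionId, response) {
  const expected = Buffer.from(sha256Hex(dbHash + sessionId), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(expected, got);
}

// Constructed sample data, not taken from the page.
function demo() {
  const password = 'correct horse battery staple';
  const dbHash = storedHash(password);
  const sidA = newSessionId();
  const sidB = newSessionId();
  const respA = clientResponse(password, sidA);
  return {
    sameSession: serverVerify(dbHash, sidA, respA),   // accepted
    otherSession: serverVerify(dbHash, sidB, respA),  // rejected: bound to sidA
    wrongPassword: serverVerify(dbHash, sidA, clientResponse('guess', sidA)),
    // The response is derived from the stored hash alone, so the stored hash
    // must be protected like the password itself.
    fromStoredHashOnly: serverVerify(dbHash, sidA, sha256Hex(dbHash + sidA)),
  };
}

console.log(demo());
```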
