Send password safely using an ajax request

Question

just to know, is it possible to send password through an Ajax request safely?

I\'ve a login box that calls an ajax request to try the login/pass and retrieve a JSON

Answer 1

What you're looking for is a "zero knowledge protocol". It is a way of communicating that you know a password without sending it. You would communicate between the javascript running in the user's browser, and the server.

Bonus, these protocols are generally secure even if the connection isn't encrypted. Note that it would be stupid to rely on this and not use SSL, because a man in the middle would simply replace your nice zero knowledge protocol implementation with a look-alike function that just sends the password.