— describes the way for login and regestation really good.
A similar tutorial already exists:
with the exception that the password is not encrypted. But for a simple server system also is not forcibly required because if someone has already accessed the database, then you have other problems ...
For good programming would not use GET but rather POST-Methodes. This is due to that a GET request is parsed on the URL (if the request is via a <form> tag). Would you now send this link to your friend or else the other have your login data unencrypted.
If you send the GET-Methode via AJAX you get not a new parsed URL. GET is also processed a little faster than POST. I think therefore GET was used in the example.
If someone listens to the connection (Like "man-in-the-middle-attack") it does not matter whether the request will be sent via GET or POST. For something like this it is good the variables for login data not call "PW" or "password" or similar. A hacker would look for it first. And use a SSL connection as already said. But even this is not always safe against "man-in-the-middle-attack".
What really matters is,
Save your server against harmful inputs!!!
And that's also pretty easy. Please read this tutorial:
prevent the download of critical data (e.g. database)
But should use with care!!! Passwords should never be stored ...
For a top secure server it requires much more.
All datas on the server have to be safe although a person has access to the server data.
-encrypted programcode (to safe the decoding of your data)
-encrypted database (illogical data input)
-a combination of password and token (token=temporary password)
-person tracking (to be sure the logging user is really the registered user)
-attack logs (banned hacker from server and identify attack strategies -> safe it)
... and everything one can think of
And very important:
Thinking never your server is secure!
... I hope my english was polite and understandable.