Neil Kandalgaonkar wrote: > I added a comment to the talk page. > > http://www.mediawiki.org/wiki/User_talk:Akshay.agarwal > > Long story short, we had this discussion in IRC... some people find the > concept of AJAX login really alarming from a security perspective, but I > think there could (COULD) be some ways to compromise there. There is a > little-used concept called Digest Authentication that we could implement > in Javascript.
Using AJAX is not more insecure than normal login using POST (which should be kept for non-js clients). You just need a begin request before the one that transmits the credentials. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
