On 3/25/11 3:20 PM, Aryeh Gregor wrote: > On Fri, Mar 25, 2011 at 3:19 PM, Neil Kandalgaonkar<[email protected]> > wrote: >> Long story short, we had this discussion in IRC... some people find the >> concept of AJAX login really alarming from a security perspective, but I >> think there could (COULD) be some ways to compromise there. There is a >> little-used concept called Digest Authentication that we could implement >> in Javascript. > > What are the security problems with a simple AJAX login implementation > that just POSTs, compared to digest authentication?
With digest authentication you can transmit credentials over unencrypted HTTP without worrying that someone is capturing your plaintext password, say in a log file, and can log in as you later. Ryan is correct that a man in the middle who captured digested credentials could log in as you that one time. But not a subsequent time. So they'd have to do their damage right away. But, if you also bind the session to a particular IP, the attacker has a harder time exploiting this without being detected. I don't have a complete solution thought out, I was just musing that maybe this kind of thing could be useful if we wanted a solution that worked over plain HTTP. But Ryan is also worried about a MITM that corrupts the surrounding page, so that the HTTP-served software that tries to make this HTTPS connection is already compromised. -- Neil Kandalgaonkar (| <[email protected]> _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
