Neil Kandalgaonkar wrote:
What are the
security problems with a simple AJAX login implementation
that just POSTs, compared to digest authentication?
With digest authentication you can transmit credentials over unencrypted
HTTP without worrying that someone is capturing your plaintext password,
say in a log file, and can log in as you later.
The use of digest authentication is unrelated to using AJAX or not.
However, since you need a request between having the user and sending
the password (to ask for the db salt for that user), the interface would be
odd without AJAX (and you need javascript anyway).
Remember that you still need to add another salt to avoid having the
hash be plaintext-equivalent.