On 3/25/11 3:20 PM, Aryeh Gregor wrote:
On Fri, Mar 25, 2011 at 3:19 PM, Neil Kandalgaonkar <neilk@wikimedia.org> wrote:
Long story short, we had this discussion in IRC... some people find the concept of AJAX login really alarming from a security perspective, but I think there could (COULD) be some ways to compromise there. There is a little-used concept called Digest Authentication that we could implement in JavaScript.
What are the security problems with a simple AJAX login implementation that just POSTs, compared to digest authentication?
With digest authentication you can transmit credentials over unencrypted HTTP without worrying that someone is capturing your plaintext password, say in a log file, and can log in as you later.
Ryan is correct that a man in the middle who captured digested credentials could log in as you that one time. But not a subsequent time. So they'd have to do their damage right away. But, if you also bind the session to a particular IP, the attacker has a harder time exploiting this without being detected.
I don't have a complete solution thought out; I was just musing that maybe this kind of thing could be useful if we wanted a solution that worked over plain HTTP. But Ryan is also worried about a MITM that corrupts the surrounding page, so that the HTTP-served software that tries to make this HTTPS connection is already compromised.
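
The one-time property discussed above, as an added example that is not part of the original message: the server issues a single-use nonce, the client sends only a digest of password and nonce, and a captured response is rejected when replayed or when sent from another IP. The hashing follows the shape of HTTP Digest with SHA-256; the names `DigestServer` and `clientResponse`, the 60-second nonce lifetime, and binding the nonce (rather than the session) to the IP are assumptions of this example.

```javascript
// Added illustration, not code from the thread; DigestServer and clientResponse are hypothetical names.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// HA1 as in HTTP Digest: the server stores this value, not the plaintext password.
const ha1 = (user, realm, password) => sha256(`${user}:${realm}:${password}`);

// Client side: only this digest crosses the wire, never the password itself.
function clientResponse(user, realm, password, nonce, method, uri) {
  return sha256(`${ha1(user, realm, password)}:${nonce}:${sha256(`${method}:${uri}`)}`);
}

class DigestServer {
  constructor(realm) {
    this.realm = realm;
    this.users = new Map();  // user -> HA1
    this.nonces = new Map(); // nonce -> { ip, expires }
  }
  addUser(user, password) { this.users.set(user, ha1(user, this.realm, password)); }

  // Issue a one-time challenge bound to the requesting IP (assumed 60 s lifetime).
  challenge(ip, now = Date.now()) {
    const nonce = randomBytes(16).toString('hex');
    this.nonces.set(nonce, { ip, expires: now + 60_000 });
    return nonce;
  }

  // Returns 'ok' or the reason the login attempt was rejected.
  verify({ user, nonce, response, method, uri }, ip, now = Date.now()) {
    const entry = this.nonces.get(nonce);
    if (!entry) return 'unknown-or-used-nonce';
    this.nonces.delete(nonce); // consumed on first use, even if the attempt fails
    if (now > entry.expires) return 'expired-nonce';
    if (entry.ip !== ip) return 'ip-mismatch';
    const stored = this.users.get(user);
    if (!stored) return 'bad-credentials';
    const expected = sha256(`${stored}:${nonce}:${sha256(`${method}:${uri}`)}`);
    const a = Buffer.from(expected, 'hex');
    const b = Buffer.from(String(response), 'hex');
    return a.length === b.length && timingSafeEqual(a, b) ? 'ok' : 'bad-credentials';
  }
}
```

The stored HA1 value can be used to compute valid responses, so it needs the same protection as a password, and nothing here helps if the page serving the login script has itself been modified in transit.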