On Fri, Mar 25, 2011 at 12:19 PM, Neil Kandalgaonkar neilk@wikimedia.org wrote:
I added a comment to the talk page.
http://www.mediawiki.org/wiki/User_talk:Akshay.agarwal
Long story short, we had this discussion in IRC... some people find the concept of AJAX login really alarming from a security perspective, but I think there could (COULD) be some ways to compromise there. There is a little-used concept called Digest Authentication that we could implement in Javascript.
I don't find the concept alarming. The concept of AJAX login is perfectly fine, when used on a full https site, or a full http site.
It is insecure when used on an http page where the login page is using https. If there is a man in the middle, the form can be rewritten to send the username/password to the attacker, who then relays the information to the wiki. I don't see how digest authentication will solve this. Digest authentication protects against replay attacks, but I don't believe it can protect against man in the middle attacks.
Respectfully,
Ryan Lane