On Fri, Mar 25, 2011 at 3:19 PM, Neil Kandalgaonkar neilk@wikimedia.org wrote:
Long story short, we had this discussion in IRC... some people find the concept of AJAX login really alarming from a security perspective, but I think there could (COULD) be some ways to compromise there. There is a little-used concept called Digest Authentication that we could implement in JavaScript.
What are the security problems with a simple AJAX login implementation that just POSTs, compared to digest authentication?