Cant the same be done to allow users to login only through HTTPS, or if they are on HTTP, user can be redirected to an HTTPS. SO, the script will only work when the user is over a secured HTTP.
On 22 February 2012 01:24, Roan Kattouw roan.kattouw@gmail.com wrote:
On Mon, Feb 13, 2012 at 5:28 PM, Daniel Friesen lists@nadir-seen-fire.com wrote:
The idea that login is secure because it's on a separate page than the
rest
of the site is actually an old mistake. If a script is included ANYWHERE on the site on the same domain then it's possible to inject in some code that will fake pageviews in a way that
will
let an attacker have a running script when the user follows the login
link
to the login page. So there isn't really any security advantage of a separate login page
over
an ajax login. (well ;) unless you're using the separate login page
because
you have js disabled, then you're safe, heh)
Basically what the issue was is that if you're on an unencrypted HTTP pageview, you cannot trust the login form that gets AJAXed in, even if it submits to HTTPS. If the login form is transferred over HTTP (or the script that loads the login form is transferred over HTTP, or if *anything* comes on HTTP), it's not secure.
Roan
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l