On Mon, Feb 13, 2012 at 5:28 PM, Daniel Friesen
The idea that login is secure because it's on a separate page from the rest
of the site is actually an old mistake.
If a script is included ANYWHERE on the site on the same domain then it's
possible to inject in some code that will fake pageviews in a way that will
let an attacker have a running script when the user follows the login link
to the login page.
So there isn't really any security advantage of a separate login page over
an ajax login. (well ;) unless you're using the separate login page because
you have js disabled, then you're safe, heh)
Basically what the issue was is that if you're on an unencrypted HTTP
pageview, you cannot trust the login form that gets AJAXed in, even if
it submits to HTTPS. If the login form is transferred over HTTP (or
the script that loads the login form is transferred over HTTP, or if
*anything* comes on HTTP), it's not secure.
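
A defender-side check for the point made in this thread, as an added example that is not part of either message: it audits one fetched page and reports anything a login form depends on that did not arrive over HTTPS. The function and class names, the sample URL and the sample HTML are all constructed for illustration, and only forms containing a password input are treated as login forms.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: the form posts to HTTPS, but the page and its script arrive over HTTP.
SAMPLE_URL = "http://wiki.example/index.html"
SAMPLE_HTML = """<script src="/load.js"></script>
<form action="https://wiki.example/login" method="post">
<input name="user"><input type="password" name="pass"></form>"""

class _Collector(HTMLParser):
    """Collects external script sources and the action of each form with a password field."""
    def __init__(self):
        super().__init__()
        self.scripts = []          # src of every external <script>
        self.login_actions = []    # action of every form holding a password input
        self._action = None        # None means "not inside a form"
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append(a["src"])
        elif tag == "form":
            self._action, self._has_password = a.get("action") or "", False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_password = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.login_actions.append(self._action)
            self._action = None

def audit_login_page(page_url, html):
    """Return findings for this page; an empty list means nothing checked came over plain HTTP."""
    c = _Collector()
    c.feed(html)
    c.close()
    scheme = urlsplit(page_url).scheme
    findings = [] if scheme == "https" else ["page itself arrived over " + scheme]
    for label, refs in (("script", c.scripts), ("login form target", c.login_actions)):
        for ref in refs:
            full = urljoin(page_url, ref)  # resolves relative and protocol-relative URLs
            if urlsplit(full).scheme != "https":
                findings.append(label + " not on HTTPS: " + full)
    return findings
```

On the constructed sample the form's HTTPS action produces no finding, yet the page is still flagged twice, which is the situation the reply describes.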