On Fri, Mar 25, 2011 at 3:19 PM, Neil Kandalgaonkar <neilk(a)wikimedia.org> wrote:
Long story short, we had this discussion in IRC...
some people find the
concept of AJAX login really alarming from a security perspective, but I
think there could (COULD) be some ways to compromise there. There is a
little-used concept called Digest Authentication that we could implement
in Javascript.
What are the security problems with a simple AJAX login implementation
that just POSTs, compared to digest authentication?