On 3/25/11 3:20 PM, Aryeh Gregor wrote:
> On Fri, Mar 25, 2011 at 3:19 PM, Neil Kandalgaonkar <neilk(a)wikimedia.org> wrote:
>> Long story short, we had this discussion in IRC... some people find the
>> concept of AJAX login really alarming from a security perspective, but I
>> think there could (COULD) be some ways to compromise there. There is a
>> little-used concept called Digest Authentication that we could implement
>> in Javascript.
>
> What are the security problems with a simple AJAX login implementation
> that just POSTs, compared to digest authentication?

With digest authentication you can transmit credentials over unencrypted
HTTP without worrying that someone is capturing your plaintext password,
say in a log file, and can log in as you later.

Ryan is correct that a man in the middle who captured digested
credentials could log in as you that one time. But not a subsequent
time. So they'd have to do their damage right away. But, if you also
bind the session to a particular IP, the attacker has a harder time
exploiting this without being detected.

I don't have a complete solution thought out, I was just musing that
maybe this kind of thing could be useful if we wanted a solution that
worked over plain HTTP. But Ryan is also worried about a MITM that
corrupts the surrounding page, so that the HTTP-served software that
tries to make this HTTPS connection is already compromised.

--
Neil Kandalgaonkar (| <neilk(a)wikimedia.org>
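
The replay property described in this message, as an added sketch that is not part of the original thread or of MediaWiki's code: a simplified digest-style challenge-response (SHA-256 over a stored hash and a single-use server nonce, not full RFC 7616 Digest) with the session bound to the login IP. The account, realm, IP addresses and all function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const REALM = 'wiki'; // constructed realm name
// Server stores HA1 = H(user:realm:password) rather than the password.
const users = new Map([['alice', sha256(`alice:${REALM}:correct horse`)]]); // constructed account
const nonces = new Map();   // nonce -> expiry in ms, single use
const sessions = new Map(); // session id -> { user, ip }

function issueNonce(now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  nonces.set(nonce, now + 60_000);
  return nonce;
}

// Client side: this hash, not the password, is what crosses the wire.
function clientResponse(user, password, nonce) {
  return sha256(`${sha256(`${user}:${REALM}:${password}`)}:${nonce}`);
}

function login(user, nonce, response, ip, now = Date.now()) {
  const expiry = nonces.get(nonce);
  nonces.delete(nonce); // consumed on first use, success or not
  const ha1 = users.get(user);
  if (expiry === undefined || now > expiry || ha1 === undefined) return null;
  const expected = Buffer.from(sha256(`${ha1}:${nonce}`));
  const got = Buffer.from(String(response));
  if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) return null;
  const sid = crypto.randomBytes(16).toString('hex');
  sessions.set(sid, { user, ip }); // bind the session to the login IP
  return sid;
}

function sessionUser(sid, ip) {
  const s = sessions.get(sid);
  return s && s.ip === ip ? s.user : null;
}

function demo() {
  const nonce = issueNonce();
  const captured = clientResponse('alice', 'correct horse', nonce); // what a sniffer records
  const sid = login('alice', nonce, captured, '192.0.2.10');
  return {
    firstLogin: sid !== null,
    replayLater: login('alice', nonce, captured, '198.51.100.7') !== null,
    cookieFromOtherIp: sessionUser(sid, '198.51.100.7'),
  };
}
console.log(demo());
```

The stored HA1 is password-equivalent for this scheme, so it needs the same protection as a password database. Nothing here addresses the case raised above where the page serving the login script is itself modified in transit.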