Ajax Login

Hello there.

I've been thinking if some AJAX-authentication system is secure since
Javascript is downloaded into the client machine...

Thanks in advance for your help.

jmoran wrote:

Quote:

Hello there.
>
I've been thinking if some AJAX-authentication system is secure since
Javascript is downloaded into the client machine...
>
Thanks in advance for your help.

What advantage do you hope to gain with Ajax? I can only see an
advantage if the login is part of some large, detailed page and you want
to change That small area to "log out" on successful login. Is that
what you have/want? For a straight login page, why bother with Ajax?

jmoran wrote:

Quote:

>
I've been thinking if some AJAX-authentication system is secure

No software is "secure" outside context. Security can only be
evaluated as a set of risks under a threat model.

In this case, your description is so vague (what's being
authenticated? what's AJAX being used to do? how does this "system"
work?) that we couldn't even imagine a plausible threat model, much
less its risks.

Quote:

since Javascript is downloaded into the client machine...

If the security of your system depends on the integrity or secrecy of
code under the attacker's control, you already have an abysmally weak
system, unless you have an extremely generous threat model (eg, no one
will try to attack the system).

--
Michael Wojcik
Micro Focus
Rhetoric & Writing, Michigan State University

Ajax Login

re: Ajax Login

re: Ajax Login

Similar JavaScript / Ajax / DHTML bytes

/bytes/development

/bytes/it

/bytes/about