473,323 Members | 1,537 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,323 software developers and data experts.

Ajax Login

Hello there.

I've been thinking if some AJAX-authentication system is secure since
Javascript is downloaded into the client machine...

Thanks in advance for your help.
Sep 2 '08 #1
2 1223
jmoran wrote:
Hello there.

I've been thinking if some AJAX-authentication system is secure since
Javascript is downloaded into the client machine...

Thanks in advance for your help.
What advantage do you hope to gain with Ajax? I can only see an
advantage if the login is part of some large, detailed page and you want
to change That small area to "log out" on successful login. Is that
what you have/want? For a straight login page, why bother with Ajax?
Sep 2 '08 #2
jmoran wrote:
>
I've been thinking if some AJAX-authentication system is secure
No software is "secure" outside context. Security can only be
evaluated as a set of risks under a threat model.

In this case, your description is so vague (what's being
authenticated? what's AJAX being used to do? how does this "system"
work?) that we couldn't even imagine a plausible threat model, much
less its risks.
since Javascript is downloaded into the client machine...
If the security of your system depends on the integrity or secrecy of
code under the attacker's control, you already have an abysmally weak
system, unless you have an extremely generous threat model (eg, no one
will try to attack the system).

--
Michael Wojcik
Micro Focus
Rhetoric & Writing, Michigan State University
Sep 2 '08 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: PJ6 | last post by:
I have AJAX-style calls that will require a user's login for permission checks. I might have been OK with the login ID rolled into a session variable, but now I'm faced with calling my AJAX...
1
by: www.web20developers.com | last post by:
http://www.web20developers.com http://www.web20developers.com/index.php?option=com_content&task=view... Ajallerix : AJAX, simple, fast Web image gallery demo ; at Novell AJAX -...
5
by: Ruso | last post by:
I am using ASP to make an application. What I want right now - is to make the self updating list of the users online - based on thier cookies. In my opinion all seems to be writen well with it's...
6
by: paladin.rithe | last post by:
I'm looking to use AJAX as part of the login system for a project, but I'm not finding what I'm looking for. I've seen the example of how to do an AJAX login, but that isn't really what I want....
1
by: quill | last post by:
Hi I am making a chatroom script and it appears that the problem seems to be that my setTimeout's are conflicting. The logic is as follows: Run a login check every x seconds Run a trigger...
5
by: Mike | last post by:
Hello, I have a Login page that checks a Db for a Un and Pw using ajax. If the Login is incorrect, they just get a embedded message. If it is correct, I want to redirect COMPLETLY. Whats...
3
by: krg | last post by:
Hi, I started writing this blog some time back and it would be great if I could get an audience here and even better if we could have a conversation about developments possible on the techniques I...
6
by: KDawg44 | last post by:
Hi, My responseXML is always null on my AJAX call. When I browse directly to the PHP script I am calling, the XML file shows up just fine. I have read that if a returned XML file is not...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.