By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,465 Members | 1,172 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,465 IT Pros & Developers. It's quick & easy.

Ajax Login

P: n/a
Hello there.

I've been thinking if some AJAX-authentication system is secure since
Javascript is downloaded into the client machine...

Thanks in advance for your help.
Sep 2 '08 #1
Share this Question
Share on Google+
2 Replies


P: n/a
jmoran wrote:
Hello there.

I've been thinking if some AJAX-authentication system is secure since
Javascript is downloaded into the client machine...

Thanks in advance for your help.
What advantage do you hope to gain with Ajax? I can only see an
advantage if the login is part of some large, detailed page and you want
to change That small area to "log out" on successful login. Is that
what you have/want? For a straight login page, why bother with Ajax?
Sep 2 '08 #2

P: n/a
jmoran wrote:
>
I've been thinking if some AJAX-authentication system is secure
No software is "secure" outside context. Security can only be
evaluated as a set of risks under a threat model.

In this case, your description is so vague (what's being
authenticated? what's AJAX being used to do? how does this "system"
work?) that we couldn't even imagine a plausible threat model, much
less its risks.
since Javascript is downloaded into the client machine...
If the security of your system depends on the integrity or secrecy of
code under the attacker's control, you already have an abysmally weak
system, unless you have an extremely generous threat model (eg, no one
will try to attack the system).

--
Michael Wojcik
Micro Focus
Rhetoric & Writing, Michigan State University
Sep 2 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.