Why is AJAX authentication over HTTP considered insecure?

Question

Why is AJAX authentication over HTTP considered insecure?

Let's look at the following scenario: suppose I have a web application and user authentication is done through a modal dialog box (say that when a user clicks the login button, an ajax request is sent and depending on the callback, I either close the window or display error) and I use only HTTP protocol . Why is this considered an unsafe way to do something?

Also, make sure that the modal dialog box is considered, because this is vital information. Perhaps some data is displayed under the dialog box and may be available if the modality is broken.

The question includes both:

How can you break application security using ajax call?
Is Ajax HTTP less secure than the regular form of HTTP?

+5

security authentication ajax web-applications

Denys S. Nov 15 '10 at 9:45

source share

6 answers

HTTPS. GET . POST HTTP-. Ajax . . , .

+2

Slappy 15 . '10 10:08

HTTP , . (, Wi-Fi). Ajax HTTPS .

+1

WolfRevoKcats 15 . '10 9:59

, , http. , , . https, ajax , html.

Somy https, .

+1

kralco626 16 . '11 20:06

, , HTTPS. googling , , :

http://www.indicthreads.com/1524/secure-ajax-based-user-authentication/ http://msdn.microsoft.com/en-us/magazine/cc793961.aspx ( ASP.NET) .

0

Peter 15 . '10 10:01

HTTP HTTPS, AJAX , . , cookie, .. .

0

Halil Özgür 15 . '10 10:52

zerkms · Accepted Answer · 2010-11-15T09:58:48+0000

The one who told you is wrong. Posting ajax via post is no less secure than posting with regular forms. Just because it's the same thing .

Update 1 according to the latest board:

You can not
No

: AJAX - HTTP-, (, , html). . .

, : ajax - HTTP-. , , SO SO.

: " , ". : A , A, A A: -S

Why is AJAX authentication over HTTP considered insecure?

More articles: