Ajax login security
Posted: Thu Jun 07, 2007 8:46 pm
by JellyFish
How secure are Ajax logins? What makes them secure or not?
Posted: Thu Jun 07, 2007 8:59 pm
by nickvd
The developer makes them secure

Posted: Thu Jun 07, 2007 9:21 pm
by JellyFish
What are some things I have to be aware of?
Posted: Thu Jun 07, 2007 9:51 pm
by Christopher
It is the same security issues as any login request. Make sure you filter and validate all values server-side.
Posted: Fri Jun 08, 2007 12:01 am
by JellyFish
What about the fact that it's a visible parameter in the request (IE Firebug or any other equivalent)?
What are all the validations required? I don't think I have any.
Posted: Fri Jun 08, 2007 12:34 am
by Christopher
The parameters are always visible. A couple of key things are:
- Is the data from where it is supposed to be from? Generate a new unique key every time you present a login form and check for that key when you receive the request.
- Is the data received the kind of data expected? Validate the data you receive to check for characters you don't allow.
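
An added example, not part of the posts in this thread: a server-side sketch of the two checks listed above, a fresh single-use key issued with each login form and an allowlist check on the submitted values. The field names (`form_key`, `username`, `password`), the in-memory session store, the 10-minute lifetime and the username pattern are all assumptions made for illustration.

```python
import hmac
import re
import secrets
import time

TOKEN_TTL = 600  # seconds an issued login form stays valid (assumed value)
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")  # assumed allowlist policy

# Constructed stand-in for server-side session storage:
# session id -> (form key, time issued)
_sessions = {}

def issue_form_token(session_id, now=None):
    """Call whenever the login form is rendered; embed the result in the form."""
    token = secrets.token_urlsafe(32)  # unpredictable, new for every form
    _sessions[session_id] = (token, time.time() if now is None else now)
    return token

def check_login_request(session_id, fields, now=None):
    """Return (ok, reason) for a login POST, before any password lookup."""
    now = time.time() if now is None else now
    # pop() makes the key single-use: a replayed or retried request fails
    # and the client has to fetch a new form.
    stored = _sessions.pop(session_id, None)
    if stored is None:
        return False, "no form was issued for this session"
    token, issued = stored
    if now - issued > TOKEN_TTL:
        return False, "form key expired"
    supplied = fields.get("form_key", "")
    # Constant-time comparison so the check does not leak matching prefixes.
    if not isinstance(supplied, str) or not hmac.compare_digest(
            supplied.encode(), token.encode()):
        return False, "form key mismatch"
    username = fields.get("username", "")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        return False, "username contains characters that are not allowed"
    password = fields.get("password", "")
    if not isinstance(password, str) or not 1 <= len(password) <= 256:
        return False, "password missing or too long"
    return True, "ok"
```

Both checks run on the server, so it makes no difference that the key and the other parameters are visible in the browser's request inspector.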
Posted: Fri Jun 08, 2007 2:55 am
by JellyFish
arborint wrote:
- Is the data from where it is supposed to be from? Generate a new unique key every time you present a login form and check for that key when you receive the request.
Where can it be from? Can't Ajax requests only be executed on local pages?
Posted: Fri Jun 08, 2007 9:51 am
by Kieran Huggins
This is yet another example of where you should be serving Ajax pages through the same channels as your regular pages (with different templates / views).