Security flaw with AJAX login

Many sites nowadays use AJAX to let users log in.

However, there is a (I think) huge security flaw with this design.

If the login failed, the username/password has been used in a request made to the server.

If for some reason the user walks AFK at this point, a malicious user can view the request that has been made by the user (Firebug / DevTools).

Is this correct?

Is there something we can do about it (don't think so)?

weixin_33739523
2011/08/15 11:24
  • security
  • login
  • ajax
  • javascript

4 replies