weixin_33739523 2011-08-15 11:24

Security flaw in AJAX login

Many sites nowadays use AJAX to let users log in.

However there is a (I think) huge security flaw with this design.

If the login failed, the username/password has been used in a request made to the server.

If for some reason the user walks AFK at this point, a malicious user can view the request that has been made by the user (Firebug / devtools).

Is this correct?

Is there something we can do about it (don't think so)?

4 answers

  • weixin_33708432 2011-08-15 11:27

    Surely if the credentials are incorrect (as the login failed), does it matter if some other user uses devtools on a user that has not shut down Firefox etc.?
