Question

How vulnerable to man-in-the-middle attacks would the following scenario be within the same domain (NOT cross-domain)?

A form on an insecure page submits a JSONP request containing sensitive data (in the query string) to a secure page.

Solution

Assuming by "insecure" you mean a page served over plain HTTP without the encryption and server validation involved in HTTPS:

The actual request over HTTPS from an HTTP page is not vulnerable to man-in-the-middle. However, the HTTP page itself is vulnerable: a MitM attack could change content in that original page to leak the data that was to be sent over HTTPS, or otherwise interfere with the operation of the page in many other ways to make it untrustworthy.

If the user could be sure that the first HTTP page had been transferred with full integrity, then the data could be guaranteed safe. But there is no way a real-world user would be able to audit all the content on that HTTP page in order to determine that.

Consequently you should consider a submission from HTTP to HTTPS to be no more secure than a submission from HTTP to HTTP.

The URLs being on the same or a different domain is immaterial.
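
A way to check a page for the pattern described in the answer above, as an added example that is not part of the original answer: it lists each form action and script source (JSONP is loaded through a script tag) and classifies it by the transport of both the page and the target. The host names, paths, the `audit` function and the verdict labels are assumptions made for illustration.

```python
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

Finding = namedtuple("Finding", "kind target same_host verdict")

class _TargetCollector(HTMLParser):
    """Collects form actions and script sources (JSONP is loaded via <script src>)."""
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.targets.append(("form", a.get("action") or ""))  # empty action = same URL
        elif tag == "script" and a.get("src"):
            self.targets.append(("script", a["src"]))

def audit(page_url, html):
    """Classify each submission target by the transport of the page AND the target."""
    page = urlsplit(page_url)
    collector = _TargetCollector()
    collector.feed(html)
    findings = []
    for kind, raw in collector.targets:
        target = urljoin(page_url, raw)
        t = urlsplit(target)
        if page.scheme != "https":
            # The page itself can be rewritten in transit, so an HTTPS target
            # does not protect the data. Host equality plays no part here.
            verdict = "origin-page-unprotected"
        elif t.scheme != "https":
            verdict = "target-unprotected"
        else:
            verdict = "ok"
        findings.append(Finding(kind, target, t.hostname == page.hostname, verdict))
    return findings

# Constructed sample markup (hypothetical host and paths).
SAMPLE_HTML = """
<form action="https://example.test/api/submit" method="get">
  <input name="card">
</form>
<script src="https://example.test/api/check?callback=cb"></script>
<form action="https://other.test/collect"></form>
"""

if __name__ == "__main__":
    for f in audit("http://example.test/signup", SAMPLE_HTML):
        print(f)
```

Every target on the HTTP-served page gets the same verdict whether or not it shares the page's host; only serving the page itself over HTTPS changes the result.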

Licensed under: CC-BY-SA with attribution