On Tue, Oct 26, 2010 at 6:24 PM, George Herbert
<george.herbert(a)gmail.com> wrote:
> ..
> But I would prefer to move towards a logged-in user by default goes to
> secure connection model. That would include making secure a
> multi-system, fully redundantly supported part of the environment, or
> alternately just making https work on all the front ends.
> Any "login" should be protected. The casual "eh" attitude here is
> unprofessional, as it were. The nature of the site means that this
> isn't something I would rush a crash program and redirect major
> resources to fix immediately, but it's not something to think of as
> desirable and continue propagating for more years.
I agree. Even if we still do drop users back to http after
authentication, and the cookies can be sniffed, that is preferable to
having authentication over http.
People often use the same password for many sites.
Their password may not have much value on WMF projects ('at worst they
access admin functions'), but it could be used to access their gmail
or similar.
--
John Vandenberg