Hi all,
When setting up the LDAP-extension (great work btw. Thank you Ryan!) I
stumbled upon the need to encrypt the passwords when they are sent over
the network. This was of no concern before, since this is an internal wiki
that contained no really important information.
But if authorization is handled via LDAP, the password for login into the
wiki will be effectively the same as the one used to authenticate with
nearly all other services, so security becomes an issue. From what I
already knew and have read in the LDAP extension documentation on
mediawiki.org and Ryan's blog (especially the guide
http://ryandlane.com/blog/2009/03/23/using-the-ldap-authentication-plugin-f…
which was _really_ helpful. Got it up and running in no time!) there are 2
areas to be taken care of:
A) The communication between the mediawiki-server and the LDAP-server
B) The communication between the mediawiki-server and the end-user-PC.
My impression regarding A) is that the LDAP-extension-plugin does not
support cleartext communication with the LDAP-server out of the box, so
unless you explicitly set the option to use cleartext, you will be safe.
Am I right?
B) seems to be a little more complicated. If I don't want to use SSL for
the whole wiki site (and I do want to avoid the additional processor load)
I need to secure the login-page only or at least the data submitted to the
wiki-server when the user clicks login. Are there extensions for this? Did
anyone hack his installation so that the login-page is restricted to SSL?
How do other LDAP-users handle this problem?
Thanks in advance,
Arnd Münzebrock