There is one more bug I'd like to fix before turning wgSecurelogin on.. I'm going to get it into wmf5, and then we can turn it on. On Nov 17, 2012 10:03 AM, "Antoine Musso" hashar+wmf@free.fr wrote:
Le 16/11/12 22:04, Brion Vibber a écrit :
<snip> > Do we have a timetable for migrating all login sessions to HTTPS yet? I > love that we've got a clean HTTPS option available, but it really skeezes > me out that we still allow logins and passwords over plain HTTP. > > -- brion
I guess it is all about enabling $wgSecureLogin [1] which would force the login form to use HTTPS for its POST. I speedy hacked it two years ago and Chris Steipp has fixed it a few weeks ago.
Maybe we could enable it on test first and see how it goes?
[1] http://www.mediawiki.org/wiki/Manual:$wgSecureLogin
-- Antoine "hashar" Musso
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l