There is one more bug I'd like to fix before turning wgSecurelogin on.. I'm
going to get it into wmf5, and then we can turn it on.
On Nov 17, 2012 10:03 AM, "Antoine Musso" <hashar+wmf(a)free.fr> wrote:
Le 16/11/12 22:04, Brion Vibber a écrit :
<snip>
Do we have a timetable for migrating all login
sessions to HTTPS yet? I
love that we've got a clean HTTPS option available, but it really skeezes
me out that we still allow logins and passwords over plain HTTP.
-- brion
I guess it is all about enabling $wgSecureLogin [1] which would force
the login form to use HTTPS for its POST. I speedy hacked it two years
ago and Chris Steipp has fixed it a few weeks ago.
Maybe we could enable it on test first and see how it goes?
[1]
http://www.mediawiki.org/wiki/Manual:$wgSecureLogin
--
Antoine "hashar" Musso
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l