On 08/23/2013 03:23 PM, Martijn Hoekstra wrote:
Requiring https for advanced privileges seems odd. Would that require a second set of credentials over a https only page?
You're missing the point. People who have (for instance) checkuser or oversight should be simply disallowed from logging in through HTTP at all.
-- Marc