On Tue, Oct 26, 2010 at 6:24 PM, George Herbert george.herbert@gmail.com wrote:
> .. But I would prefer to move towards a logged-in user by default goes to secure connection model. That would include making secure a multi-system, fully redundantly supported part of the environment, or alternately just making https work on all the front ends.
> Any "login" should be protected. The casual "eh" attitude here is unprofessional, as it were. The nature of the site means that this isn't something I would rush a crash program and redirect major resources to fix immediately, but it's not something to think of as desirable and continue propagating for more years.
I agree. Even if we still do drop users back to http after authentication, and the cookies can be sniffed, that is preferable to having authentication over http.
People often use the same password for many sites.
Their password may not have much value on WMF projects ('at worst they access admin functions'), but it could be used to access their gmail or similar.
-- John Vandenberg
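The two policies discussed in this thread, never accepting credentials over plain http and deciding what happens to the session cookie afterwards, as an added example that is not part of the thread and is not MediaWiki or Wikimedia front-end code. It is a stdlib-only model: the `Request`/`Response` shapes, the `USERS` table, the token format and the helper names are all assumptions made for the example.

```python
"""Added example (not from the mailing-list thread): a minimal, stdlib-only
model of 'any login goes over https'.  The login handler redirects plaintext
requests before it ever reads the password, and the session cookie it issues
is flagged Secure so a browser will not attach it to a later http page view.
All names and data shapes below are assumptions for this example."""

from dataclasses import dataclass, field
from http.cookies import SimpleCookie
from typing import Dict, Optional

# Constructed credential store for the example; a real site compares a password hash.
USERS = {"alice": "correct horse"}


@dataclass
class Request:
    scheme: str                                   # "http" or "https"
    path: str
    host: str = "example.org"                     # constructed hostname
    form: Dict[str, str] = field(default_factory=dict)


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


def require_https(req: Request) -> Optional[Response]:
    """Return a redirect to the same path over https, or None if already secure.
    Credential-bearing endpoints call this before looking at the form at all."""
    if req.scheme == "https":
        return None
    return Response(301, {"Location": f"https://{req.host}{req.path}"})


def session_cookie_header(token: str, secure: bool = True) -> str:
    """Build the Set-Cookie value for the session.  With secure=True the browser
    only sends the cookie on https requests; secure=False models the
    'drop users back to http and the cookie can be sniffed' situation."""
    c = SimpleCookie()
    c["session"] = token
    c["session"]["httponly"] = True   # keep it away from page scripts
    c["session"]["path"] = "/"
    if secure:
        c["session"]["secure"] = True
    return c.output(header="").strip()


def login(req: Request) -> Response:
    """Login handler: plaintext requests are redirected without the password
    being inspected, so the credential never travels unencrypted on purpose."""
    redirect = require_https(req)
    if redirect is not None:
        return redirect
    user = req.form.get("user", "")
    if USERS.get(user) != req.form.get("password"):
        return Response(401, body="bad credentials")
    token = f"tok-{user}"  # constructed; a real server issues a random token
    return Response(200, {"Set-Cookie": session_cookie_header(token)}, "logged in")


def browser_would_send(set_cookie: str, scheme: str) -> Dict[str, str]:
    """Model of the browser rule that matters here: a cookie flagged Secure is
    attached only to https requests, so it cannot be sniffed on an http page."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    sent = {}
    for name, morsel in jar.items():
        if morsel["secure"] and scheme != "https":
            continue
        sent[name] = morsel.value
    return sent


if __name__ == "__main__":
    print(login(Request("http", "/login", form={"user": "alice", "password": "x"})))
    ok = login(Request("https", "/login", form={"user": "alice", "password": "correct horse"}))
    print(ok.headers["Set-Cookie"])
    print("sent over http:", browser_would_send(ok.headers["Set-Cookie"], "http"))
    print("sent over https:", browser_would_send(ok.headers["Set-Cookie"], "https"))
```

The redirect in `login` is the part that addresses the password-reuse concern raised above: it fires before the form is parsed, so a plaintext POST is bounced rather than checked. The `browser_would_send` model shows the trade-off behind "drop users back to http": a Secure cookie is safe from sniffing but is also invisible to the http front ends, so the logged-in state does not follow the user there; a non-Secure cookie follows the user and is exactly what an on-path observer can capture.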