On Aug 23, 2013 7:46 PM, "Chris Steipp" <csteipp(a)wikimedia.org> wrote:
Hi all,
With all the talk about turning on $wgSecureLogin for WMF sites, there has
been a lot of misconceptions about how the option works, and difference of
opinions about how they should work in the future.
I started:
https://www.mediawiki.org/wiki/Requests_for_comment/Login_security
It would be great to get feedback on the "Longer Term Questions" section.
Also, if anyone isn't entirely clear about how the preferences work,
hopefully this will provide some clarification.
Requiring https for advanced privileges seems odd. Would that require a
second set of credentials over a https only page? If not, the most
important consideration is already lost, the credentials. If yes, will
people actually use different credentials? Should that be enforced? Is that
worth the software complexity? What are the advantages here?
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-lht