Which bug is that? If there's not a patch I'll work on it ASAP. ;)
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Sat, Nov 17, 2012 at 2:57 PM, Chris Steipp csteipp@wikimedia.org wrote:
There is one more bug I'd like to fix before turning wgSecurelogin on.. I'm going to get it into wmf5, and then we can turn it on. On Nov 17, 2012 10:03 AM, "Antoine Musso" hashar+wmf@free.fr wrote:
Le 16/11/12 22:04, Brion Vibber a écrit :
<snip> > Do we have a timetable for migrating all login sessions to HTTPS yet? I > love that we've got a clean HTTPS option available, but it really
skeezes
me out that we still allow logins and passwords over plain HTTP.
-- brion
I guess it is all about enabling $wgSecureLogin [1] which would force the login form to use HTTPS for its POST. I speedy hacked it two years ago and Chris Steipp has fixed it a few weeks ago.
Maybe we could enable it on test first and see how it goes?
[1] http://www.mediawiki.org/wiki/Manual:$wgSecureLogin
-- Antoine "hashar" Musso
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l