Brion Vibber wrote:
There was some muttering at the time that just using
HTTPS is safer and
it's not worth the bother. Agreement? Disagreement?
Absolutely agreed. Not being able to deal with the computational cost of
SSL is the only convincing reason to try and use JavaScript hackery to
do a more secure login, and I don't think that's a valid concern at
Wikipedia these days. If you find a designated SSL login machine becomes
CPU-bound, I can recommend PCI SSL accelerator cards that'll be happy to
take over the work.
--
Ivan Krstić <krstic(a)solarsail.hcs.harvard.edu> | GPG: 0x147C722D