-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Thanks to Werdna, Tim, and Robert for work on getting these things ready. :)

Rather than repeat myself, lemme just link to my writeups:

Support for HttpOnly cookies should provide an extra security barrier for session-stealing via XSS; the required PHP upgrades probably help too. ;)

http://leuksman.com/log/2008/04/21/httponly-cookies/

And I've enabled the AJAX search suggestion drop-down, using the basic prefix matching:

http://leuksman.com/log/2008/04/21/suggestion-search-drop-down/

I'm still a little worried that the search hits might cause extra load. So far I don't even see a blip on Ganglia, though. :) If things bog down while I'm away, turn off $wgEnableMWSuggest!

- -- brion vibber (brion @ wikimedia.org)