Hi,
In order to secure usernames/passwords, some other use of TLS/SSL may apply. The AAA work may be done on
https://login.wikipedia.org/wikiname, also giving a .wikipedia wide security token in that place and not messing with that in clear-text connections.
That's how large sites handle authentication/authorization. Isn't wiki a large site? :)
Domas
Domas Mituzas wrote:
In order to secure usernames/passwords, some other use of TLS/SSL may apply. The AAA work may be done on
https://login.wikipedia.org/wikiname, also giving a .wikipedia wide security token in that place and not messing with that in clear-text connections.
Could be done, though you'll want to make sure the token isn't plaintext-equivalent.
You'll also have to provide a secure channel for changing passwords.
-- brion vibber (brion @ pobox.com)
wikitech-l@lists.wikimedia.org