[Mediawiki-l] Antwort: Re: Passwords in cleartext via SSL-Loginpage
amuenzeb at rockwellcollins.com
amuenzeb at rockwellcollins.com
Thu Oct 7 14:54:16 UTC 2010
mediawiki-l-bounces at lists.wikimedia.org schrieb am 06.10.2010 17:27:02:
> > My impression regarding A) is, that the LDAP-extension-plugin does not
> > support cleartext communication with the LDAP-server out of the box,
so
> > unless you explicitly set the option to use cleartext, you will be
safe.
> > Am I right?
> The default is LDAP via StartTLS, and it is enforced. You can change
> to LDAPS or cleartext LDAP, if you so choose.
Secure out of the box. Well designed :-) Thanks for reassuring.
[...]
> I believe there is a way to do this. You'll need to make sure your
> cookies are marked as secure, and the web server ensures that login
> pages are forced SSL. There used to be a configuration hack, but it
> looks like the documentation is no longer on mediawiki.org. I'd find
> it in the history, but it may be gone for a reason.
I used the extension promoted by Daniel Barret in his reply to my post. As
fas as I understood the source code, it does exactly what you describe
here. And it works like a charme.
> - Ryan Lane
Thank you Ryan and Daniel!
CU
Arnd
More information about the MediaWiki-l
mailing list