-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Thanks to Werdna, Tim, and Robert for work on getting these things ready. :)
Rather than repeat myself, lemme just link to my writeups:
Support for HttpOnly cookies should provide an extra security barrier for session-stealing via XSS; the required PHP upgrades probably help too. ;)
http://leuksman.com/log/2008/04/21/httponly-cookies/
And I've enabled the AJAX search suggestion drop-down, using the basic prefix matching:
http://leuksman.com/log/2008/04/21/suggestion-search-drop-down/
I'm still a little worried that the search hits might cause extra load. So far I don't even see a blip on Ganglia, though. :) If things bog down while I'm away, turn off $wgEnableMWSuggest!
- -- brion vibber (brion @ wikimedia.org)