Le 16/11/12 22:04, Brion Vibber a écrit :
<snip>
Do we have a timetable for migrating all login
sessions to HTTPS yet? I
love that we've got a clean HTTPS option available, but it really skeezes
me out that we still allow logins and passwords over plain HTTP.
-- brion
I guess it is all about enabling $wgSecureLogin [1] which would force
the login form to use HTTPS for its POST. I speedy hacked it two years
ago and Chris Steipp has fixed it a few weeks ago.
Maybe we could enable it on test first and see how it goes?
[1]
http://www.mediawiki.org/wiki/Manual:$wgSecureLogin
--
Antoine "hashar" Musso