wgSecureLogin works. I patched the broken version of it not too long ago. Now I'm just waiting on my patch in Gerrit to turn on wgSecureLogin on WMF wikis. On Nov 17, 2012 1:03 PM, "Antoine Musso" hashar+wmf@free.fr wrote:
Le 16/11/12 22:04, Brion Vibber a écrit :
<snip> > Do we have a timetable for migrating all login sessions to HTTPS yet? I > love that we've got a clean HTTPS option available, but it really skeezes > me out that we still allow logins and passwords over plain HTTP. > > -- brion
I guess it is all about enabling $wgSecureLogin [1] which would force the login form to use HTTPS for its POST. I speedy hacked it two years ago and Chris Steipp has fixed it a few weeks ago.
Maybe we could enable it on test first and see how it goes?
[1] http://www.mediawiki.org/wiki/Manual:$wgSecureLogin
-- Antoine "hashar" Musso
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l