wgSecureLogin works. I patched the broken version of it not too long ago.
Now I'm just waiting on my patch in Gerrit to turn on wgSecureLogin on WMF
wikis.
On Nov 17, 2012 1:03 PM, "Antoine Musso" <hashar+wmf(a)free.fr> wrote:
Le 16/11/12 22:04, Brion Vibber a écrit :
<snip>
Do we have a timetable for migrating all login
sessions to HTTPS yet? I
love that we've got a clean HTTPS option available, but it really skeezes
me out that we still allow logins and passwords over plain HTTP.
-- brion
I guess it is all about enabling $wgSecureLogin [1] which would force
the login form to use HTTPS for its POST. I speedy hacked it two years
ago and Chris Steipp has fixed it a few weeks ago.
Maybe we could enable it on test first and see how it goes?
[1]
http://www.mediawiki.org/wiki/Manual:$wgSecureLogin
--
Antoine "hashar" Musso
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l