Which bug is that? If there's not a patch I'll work on it ASAP. ;)
*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
| tylerromeo(a)gmail.com
On Sat, Nov 17, 2012 at 2:57 PM, Chris Steipp <csteipp(a)wikimedia.org> wrote:
There is one more bug I'd like to fix before
turning wgSecurelogin on.. I'm
going to get it into wmf5, and then we can turn it on.
On Nov 17, 2012 10:03 AM, "Antoine Musso" <hashar+wmf(a)free.fr> wrote:
Le 16/11/12 22:04, Brion Vibber a écrit :
<snip>
> Do we have a timetable for migrating all login sessions to HTTPS yet? I
> love that we've got a clean HTTPS option available, but it really
skeezes
me out
that we still allow logins and passwords over plain HTTP.
-- brion
I guess it is all about enabling $wgSecureLogin [1] which would force
the login form to use HTTPS for its POST. I speedy hacked it two years
ago and Chris Steipp has fixed it a few weeks ago.
Maybe we could enable it on test first and see how it goes?
[1]
http://www.mediawiki.org/wiki/Manual:$wgSecureLogin
--
Antoine "hashar" Musso
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l