https://bugzilla.wikimedia.org/show_bug.cgi?id=39380
--- Comment #21 from Chris Steipp <[email protected]> 2012-08-28 01:40:11 UTC --- (In reply to comment #19) > >> experience, which is why I'd rather see effort focused on fixing bug 29898. I don't think they're mutually exclusive. We need to do both. (In reply to comment #20) > In short, the issue with just setting $wgSecureLogin to true is that the user > experience kind of sucks, as I understand it. (Feel free to correct me if I've > misread the $wgSecureLogin-related code!) For any users that notice the protocol, it may be disorienting, but I would guess most of our users don't really pay attention to it (hopefully I'm wrong about that!). But the win is that if they click the login link again, they'll be back using https before they enter their password again. That would be a step towards helping our users be more secure, even if we have plenty of other bugs to close too. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
