https://bugzilla.wikimedia.org/show_bug.cgi?id=54110
--- Comment #1 from Brad Jorsch <[email protected]> --- (In reply to comment #0) > However, if the Consumer is using an RSA key, then the authorization token's > secret isn't used, so the security isn't affected by not using SSL for the > /token call. What about the token credentials returned in the response? Those are still plain text. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
