https://bugzilla.wikimedia.org/show_bug.cgi?id=31432
Web browser: ---
Bug #: 31432
Summary: Add a cookie-based preference which redirects all http
requests to https
Product: Wikimedia
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: Unprioritized
Component: SSL related
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Currently, if a user logs in on an https page and then comes to Wikipedia
by following a link on a 3rd-party website which points to the http version, the
page will be in a logged-out state. If he fails to realize this and edits a page,
his Wikipedia page browsing history and IP address may be leaked. If he realizes
this, he has to change http to https again and again (unless he's using a
3rd-party browser extension).
There can be a resolution: when a user logs in on an https page, set an
insecure cookie which says "redirect me to https page", and clear it when he
logs out. In this way, the only disadvantage I can see is one more request
and the info for a possible attacker: there's a logged-in user at this IP
reading this page by following some link on this website.
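
The flow proposed in this report, sketched as an added example (not part of the bug report and not MediaWiki code). The cookie names `prefer_https` and `session` and the host `wiki.example.org` are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

CANONICAL_HOST = "wiki.example.org"  # placeholder host (assumption)
HINT = "prefer_https"                # hypothetical marker cookie, deliberately not Secure
SESSION = "session"                  # hypothetical session cookie, always Secure


def _cookie(name, value, *, secure, max_age=None):
    c = SimpleCookie()
    c[name] = value
    c[name]["path"] = "/"
    c[name]["httponly"] = True
    if secure:
        c[name]["secure"] = True
    if max_age is not None:
        c[name]["max-age"] = max_age
    return ("Set-Cookie", c[name].OutputString())


def login_headers(session_id):
    """Headers for a login that completed over https."""
    return [
        _cookie(SESSION, session_id, secure=True),  # never sent over http
        _cookie(HINT, "1", secure=False),           # sent over http; grants nothing
    ]


def logout_headers():
    """Expire both cookies so later http visits are no longer redirected."""
    return [
        _cookie(SESSION, "", secure=True, max_age=0),
        _cookie(HINT, "", secure=False, max_age=0),
    ]


def route(scheme, path_and_query, cookie_header):
    """Return (status, headers); 200 means the request is served normally."""
    cookies = SimpleCookie(cookie_header or "")
    if scheme == "http" and HINT in cookies and cookies[HINT].value == "1":
        # Build the target from a fixed host, never from the Host header,
        # and refuse scheme-relative paths so the redirect cannot leave the site.
        if not path_and_query.startswith("/") or path_and_query.startswith("//"):
            path_and_query = "/"
        return 302, [("Location", f"https://{CANONICAL_HOST}{path_and_query}")]
    return 200, []
```

The marker cookie only ever triggers an upgrade to https, so forging it gains nothing, but the first http request (URL and marker) still crosses the network in cleartext, which is the disclosure the report describes.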