On 26.10.2010 09:36, Nikola Smolenski wrote: > On 10/26/2010 08:59 AM, MZMcBride wrote: >> As Aryeh notes, even those who act in an editing role (rather than in simply >> a reader role) don't generally have valuable accounts. The "pros" you're >> talking about are free to use secure.wikimedia.org (which is already set up >> and has been for quite some time). If there were a secure site alternative, >> I think you'd have a point. As it stands, I don't see what's very quaint >> about this situation. > > For a maximum security and minimal overhead, let the login always be > over https. If a logged-in user is an admin or higher, use https for > everything. Expand to all editors if easily possible.
This sounds like a sensible compromise. It protects the sensitive bits, and doesn't cause massive load on https handling. I would very much like to see this on the official roadmap. By the way... where's the official road map? -- daniel _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
