On Sun, Feb 20, 2011 at 3:49 AM, ChrisiPK <[email protected]> wrote:
> for a few weeks now, I have been using a Firefox extension which automatically
> redirects me to the secure.wikimedia.org server when visiting a Wikimedia
> site. Unfortunately, this does not work for all wikis, e.g. the OTRS wiki is
> not included in the redirect rule set. At first, I was thinking about creating
> a rule and submitting that to the extension developers, but then I thought:
>
> Shouldn't we require HTTPS by default for wikis containing sensitive
> information, such as the OTRS wiki and similar ones (oversight? foundation? I
> don't have a full list right now, but can imagine that there are more.)?
>

I would definitely recommend this -- it's been on the agenda for.... well literally for *years*, but always got swallowed up by time spent on other things.

It should be pretty straightforward actually to aim a few of those standalone wikis straight at the existing secure.wikimedia.org proxy -- which appears to currently have a *.wikimedia.org wildcard cert -- or at another dedicated one, and swap both the non-SSL URLs and the old-fashioned secure.wikimedia.org entries for them to redirect to the canonical domain with HTTPS. Thus we could simply use https://internal.wikimedia.org/ etc.

This could be done with much less worry about configuration changes and load issues than doing the same for the higher-profile, higher-traffic sites on their own domains, but can help build familiarity and confidence for both ops and users.

-- brion
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
