> My personal preference would be to run *all* logged-in activity over HTTPS, > so every mail link etc should be on SSL. But I think that's still a ways out > yet and will need better SSL acceleration; poor Ryan Lane will kill me if I > keep pushing on that too soon! ;) >
Actually, this is exactly what I want. I think we can do it fairly cheaply, but before I commit to that I'd like to test the cluster thoroughly. One thing to note about this cluster is that is a SSL termination cluster, and as such, MediaWiki will have no idea that the user is coming via HTTPS in the normal way. The SSL termination cluster will set a header to indicate the user is coming via HTTPS, so we'll need to deal with that on the MediaWiki side so that we send secure cookies. There's a bunch of things that we should likely do in the future as well. We should likely set a non-secure cookie for HTTPS logged in users that indicates the user requests HTTPS only (via a preference, enabled by default), that will redirect them to HTTPS if they somehow arrive at an HTTP page. Strict Transport Security (STS) should also be a consideration at some point in time, at least for users that have already logged in. This doesn't protect the user from initial site spoofing attacks, but could protect against later spoofing attacks (thanks Aryeh for this idea). I don't think we'll ever get to a point where we can/should use HTTPS for all anon users, but SPDY could be a consideration in the future for anons. After I finish HTTPS I may look at setting up SPDY for testing. - Ryan _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
