Le 16/11/12 22:04, Brion Vibber a écrit : <snip> > Do we have a timetable for migrating all login sessions to HTTPS yet? I > love that we've got a clean HTTPS option available, but it really skeezes > me out that we still allow logins and passwords over plain HTTP. > > -- brion
I guess it is all about enabling $wgSecureLogin [1] which would force the login form to use HTTPS for its POST. I speedy hacked it two years ago and Chris Steipp has fixed it a few weeks ago. Maybe we could enable it on test first and see how it goes? [1] http://www.mediawiki.org/wiki/Manual:$wgSecureLogin -- Antoine "hashar" Musso _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
