On 29 April 2013 09:12, Brion Vibber <[email protected]> wrote:
> Just curious -- what's the state of forcing HTTPS for all user sessions?
> It's simple common sense at this point to protect all our users from
> session hijacking on local networks or MITM attacks.

Now a bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=47832 (how did we not have one already?).

> I see some Gerrit activity on adding "preferences" or special groups for
> HTTPS, which seems a horrid practice when we could just protect everyone...

Agreed; this was a nice idea back in the day when SSL was expensive, but now…

J.
--
James D. Forrester
Product Manager, VisualEditor
Wikimedia Foundation, Inc.

[email protected] | @jdforrester
