On Aug 23, 2013 7:46 PM, "Chris Steipp" <[email protected]> wrote: > > Hi all, > > With all the talk about turning on $wgSecureLogin for WMF sites, there has > been a lot of misconceptions about how the option works, and difference of > opinions about how they should work in the future. > > I started: > https://www.mediawiki.org/wiki/Requests_for_comment/Login_security > > It would be great to get feedback on the "Longer Term Questions" section. > Also, if anyone isn't entirely clear about how the preferences work, > hopefully this will provide some clarification. >
Requiring https for advanced privileges seems odd. Would that require a second set of credentials over a https only page? If not, the most important consideration is already lost, the credentials. If yes, will people actually use different credentials? Should that be enforced? Is that worth the software complexity? What are the advantages here? _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-lht _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
