[Bug 54110] Force HTTPS for /token if the Consumer is not using an RSA key
https://bugzilla.wikimedia.org/show_bug.cgi?id=54110 Brad Jorsch bjor...@wikimedia.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54110] Force HTTPS for /token if the Consumer is not using an RSA key
https://bugzilla.wikimedia.org/show_bug.cgi?id=54110 --- Comment #3 from Gerrit Notification Bot gerritad...@wikimedia.org --- Change 85218 merged by jenkins-bot: Use HTTPS for Special:MWOAuth/token https://gerrit.wikimedia.org/r/85218 -- You are receiving this mail because: You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54110] Force HTTPS for /token if the Consumer is not using an RSA key
https://bugzilla.wikimedia.org/show_bug.cgi?id=54110 Chris Steipp cste...@wikimedia.org changed: What|Removed |Added Status|PATCH_TO_REVIEW |NEW -- You are receiving this mail because: You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54110] Force HTTPS for /token if the Consumer is not using an RSA key
https://bugzilla.wikimedia.org/show_bug.cgi?id=54110 --- Comment #2 from Gerrit Notification Bot gerritad...@wikimedia.org --- Change 85218 had a related patch set uploaded by Anomie: Use HTTPS for Special:MWOAuth/token https://gerrit.wikimedia.org/r/85218 -- You are receiving this mail because: You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54110] Force HTTPS for /token if the Consumer is not using an RSA key
https://bugzilla.wikimedia.org/show_bug.cgi?id=54110 Gerrit Notification Bot gerritad...@wikimedia.org changed: What|Removed |Added Status|NEW |PATCH_TO_REVIEW -- You are receiving this mail because: You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 54110] Force HTTPS for /token if the Consumer is not using an RSA key
https://bugzilla.wikimedia.org/show_bug.cgi?id=54110 --- Comment #1 from Brad Jorsch bjor...@wikimedia.org --- (In reply to comment #0) However, if the Consumer is using an RSA key, then the authorization token's secret isn't used, so the security isn't affected by not using SSL for the /token call. What about the token credentials returned in the response? Those are still plain text. -- You are receiving this mail because: You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l