wgSecureLogin works. I patched the broken version of it not too long ago. Now I'm just waiting on my patch in Gerrit to turn on wgSecureLogin on WMF wikis. On Nov 17, 2012 1:03 PM, "Antoine Musso" <hashar+...@free.fr> wrote:
> Le 16/11/12 22:04, Brion Vibber a écrit : > <snip> > > Do we have a timetable for migrating all login sessions to HTTPS yet? I > > love that we've got a clean HTTPS option available, but it really skeezes > > me out that we still allow logins and passwords over plain HTTP. > > > > -- brion > > I guess it is all about enabling $wgSecureLogin [1] which would force > the login form to use HTTPS for its POST. I speedy hacked it two years > ago and Chris Steipp has fixed it a few weeks ago. > > Maybe we could enable it on test first and see how it goes? > > > [1] http://www.mediawiki.org/wiki/Manual:$wgSecureLogin > > -- > Antoine "hashar" Musso > > > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
