> > > - Should MediaWiki support allowing some users to use http for their > login, while most users use https? If yes, what are reasonable criteria for > determining who can use http (e.g., user groups, GeoIP, or some other > criteria)? > > I don't have an answer for this, but if it is done it should not be in core, which seems to be the current approach anyway (since the current patch just adds a CanUseHTTPS hook).
> > - Should MediaWiki support logged in users using HTTP, when HTTPS is > available to them but they don't want to use it (typically for performance > reasons-- low end devices, lack of caching, etc)? > > I think so. I mean the difficulty of allowing a user to go back to HTTP is not that difficult. > > - Should MediaWiki support requiring HTTPS for users with advanced > privileges? > > You mean like my $wgSecureGroups approach? Because if people actually still want that I can attempt to revive that part of my patch. I think it'd be of especial interest to require HTTPS for checkusers and oversight people, due to the legal problems associated with breaches to those accounts. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Fri, Aug 23, 2013 at 1:46 PM, Chris Steipp <cste...@wikimedia.org> wrote: > Hi all, > > With all the talk about turning on $wgSecureLogin for WMF sites, there has > been a lot of misconceptions about how the option works, and difference of > opinions about how they should work in the future. > > I started: > https://www.mediawiki.org/wiki/Requests_for_comment/Login_security > > It would be great to get feedback on the "Longer Term Questions" section. > Also, if anyone isn't entirely clear about how the preferences work, > hopefully this will provide some clarification. > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l