Page MenuHomePhabricator

Make Wikispore HTTPS-only
Closed, ResolvedPublic

Event Timeline

I think this is as easy as enabling $wgForceHTTPS and maybe setting a HSTS header.

I know tech people will not love this question, but access, sustainability and low-resource enthusiasts in me would love to ask:

What are the urgencies in pushing for HTTPS-only right now?
(we do not do any super secret info or transactions that need security)
((it basically just adds more processing and reduces or even cuts access for weak-old hardware))

Sure, theft of a Wikispore account is not particularly damaging, but I doubt there are many people who cannot access Wikipedia and its sister projects but would want to access Wikispore, so there isn't anything to win by leaving it open to (however unlikely) attacks.