Page MenuHomePhabricator
Create Task
Maniphest T260701

Make Wikispore HTTPS-only
Open, Needs TriagePublic
Actions

Event Timeline

Tgr created this task.Aug 18 2020, 3:34 PM
Tgr moved this task from Backlog to Next-up on the Wikispore board.Oct 18 2020, 7:05 PM
Tgr claimed this task.Oct 18 2020, 7:14 PM
Nintendofan885 added a project: HTTPS.Oct 18 2020, 7:18 PM
Restricted Application added a project: Traffic. · View Herald TranscriptOct 18 2020, 7:18 PM
Ladsgroup moved this task from Triage to BadHerald on the Traffic board.Oct 19 2020, 8:46 AM
Restricted Application added a project: SRE. · View Herald TranscriptOct 19 2020, 8:47 AM
Tgr added a comment.Nov 13 2020, 8:20 AM

I think this is as easy as enabling $wgForceHTTPS and maybe setting a HSTS header.

Zblace added a subscriber: Zblace.Nov 13 2020, 8:50 AM

I know tech people will not love this question, but access, sustainability and low-resource enthusiasts in me would love to ask:

What are the urgencies in pushing for HTTPS-only right now?
(we do not do any super secret info or transactions that need security)
((it basically just adds more processing and reduces or even cuts access for weak-old hardware))

Tgr added a comment.Nov 14 2020, 4:12 AM

Sure, theft of a Wikispore account is not particularly damaging, but I doubt there are many people who cannot access Wikipedia and its sister projects but would want to access Wikispore, so there isn't anything to win by leaving it open to (however unlikely) attacks.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL