Hoi,
Why we should defer it ? Because it would be good to finish things first. It
is imho really sad that important projects become more time consuming
because they are not finished. What to you seems to be not that big a deal
does cost time and according to earlier remarks it does cost servers. Both
are in short supply.
Thanks,
GerardM
On 9/16/07, Gwern Branwen <gwern0(a)gmail.com> wrote:
On 2007.09.16 07:21:25 +0200, GerardM <gerard.meijssen(a)gmail.com>
scribbled 48 lines:
Hoi,
Let us defer all talk about changing the login functionality until we
have
SUL implemented. Let us get SUL soon and first !
Thanks,
GerardM
Why should we defer it? It really doesn't seem like a big deal. There are
a couple things to discuss here:
#How much load would all logins going through SSL cause? This should be
really easy to do - figure out how much work a single SSL login causes, and
multiply. Even that crude ballpark estimate is better than nothing.
#Make logins by default go through SSL. We can break this down into two
suggestions:
##Make all admins go through SSL by default. I think this is an
*extremely* good idea. However expensive a SSL login might be, a few
thousand admins infrequently logging in is hardly going to stress the
servers comparable to normal editing or bot edits or spiders. Plus, it'd
give just a little more protection for account passwords in all situations,
not just for those editing through TOR. It's largely transparent to users,
has a chance of doing good, etc. (Now, I'm not saying force admins to go
through
secure.wikimedia.org, just that surely there must be some
configuration option or something for the regular
en.wikipedia.org login
page? This, like the first suggestion, is best answered by those with
technical chops.)
##Make all logins go through SSL by default. Sure, why not. The argument
against this would seem to be server load, but we need an answer to the
first point before we can productively argue this.
We really need some more information here. Is it hard to change the login?
I would assume that because you can already log in via SSL through
secure.wikimedia.org, the functionality is there and only needs to be
enabled for the frontend (as compared to SUL, a backend enhancement
involving vast and far-reaching changes), so to speak, but for all I know
the login page is actually some hardwired crufty HTML page that barely works
and adding an SSL option, default or not, would be a heroic undertaking
comparable to that of SUL.
Any of the developers want to comment?
--
gwern
Stallman guest jihad SL-1 VHF DF DSS Juiliett 2.6.2. Kwajalein
_______________________________________________
foundation-l mailing list
foundation-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/foundation-l