Domas Mituzas wrote:
In order to secure usernames/passwords, some other use
of TLS/SSL may
apply. The AAA work may be done on
https://login.wikipedia.org/wikiname, also giving a .wikipedia wide
security token in that place and not messing with that in clear-text
connections.
Could be done, though you'll want to make sure the token isn't
plaintext-equivalent.
You'll also have to provide a secure channel for changing passwords.
-- brion vibber (brion @
pobox.com)