Last modified: 2013-08-21 12:18:44 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are now handled in Wikimedia Phabricator.
This static website is read-only and kept for historical purposes. It is not possible to log in, and apart from displaying bug reports and their history, links might be broken. See T54283, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 52283 - Remove checkbox on userlogin to "Stay connected to HTTPS after login"
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: User login and signup
Version: 1.22.0
Hardware/OS: All / All
Importance: Low enhancement
Target Milestone: ---
Assigned To: Tyler Romeo
Depends on: (none)
Blocks: (none)
Reported: 2013-07-30 18:27 UTC by Steven Walling
Modified: 2013-08-21 12:18 UTC
CC: 12 users
See Also: (none)
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---



Description Steven Walling 2013-07-30 18:27:32 UTC
Currently with wgSecureLogin set to true, it adds a checkbox on Special:UserLogin (which is checked by default) to let the user "Stay connected to HTTPS after login" or not.

I think it is probably not necessary. HTTPS is a sane default, and if there's going to be an option to turn it off, it should likely be in user preferences, not on the login page every time you view it.
Comment 1 Ryan Kaldari 2013-07-30 18:34:15 UTC
Agreed. It should either be a sane default or moved to preferences. It should definitely not be on the log-in page, especially not with the arcane message "Stay connected to HTTPS after login".
Comment 2 Chris Steipp 2013-07-30 19:18:43 UTC
The functionality should not be removed, but I'll let you guys decide how to create the best experience.

Some users are very touchy about being forced to use https, so we need to maintain a way to (insecurely) use the site after they login.
Comment 3 Steven Walling 2013-07-30 19:29:01 UTC
(In reply to comment #2)
> The functionality should not be removed, but I'll let you guys decide how to
> create the best experience.
> 
> Some users are very touchy about being forced to use https, so we need to
> maintain a way to (insecurely) use the site after they login.

Why are they touchy?

Unless login truly does not work for some users if forced to use HTTPS, I think there is no reason to allow insecure login sessions as an option. It's a fundamental account security issue. If you want to edit via an insecure connection, you can continue to do so anonymously.
Comment 4 Tyler Romeo 2013-07-30 19:53:19 UTC
The reason it shouldn't be removed is because it's completely outside the scope of the feature. $wgSecureLogin is intended as a means of forcing private data, specifically passwords, over a secure transport layer connection. It is not intended as a means of forcing specific users to use TLS. Furthermore, I'd like to point out that no reason has been presented for actually removing the option.

(In reply to comment #3)
> Unless login truly does not work for some users if forced to use HTTPS, I think
> there is no reason to allow insecure login sessions as an option. It's a
> fundamental account security issue. If you want to edit via an insecure
> connection, you can continue to do so anonymously.

This is by no means a "fundamental account security issue". Using Wikipedia over HTTP does not in-and-of-itself pose a major security concern (unless you count session hijacking, which could be avoided if the session key was renegotiated more often). Sending passwords over HTTP, on the other hand, does, which is why this feature exists.

(In reply to comment #0)
> and if there's going to be an option to turn it off, it should likely be
> in user preferences, not on the login page every time you view it.

Now with all of that said, I agree I'd much rather this be a user preference than have it cluttering the login page. Because then at least the user can still use HTTP if they really want to.

And conveniently enough:
https://gerrit.wikimedia.org/r/47089
Comment 5 Steven Walling 2013-07-30 19:55:38 UTC
(In reply to comment #4)
> 
> Now with all of that said, I agree I'd much rather this be a user preference
> than have it cluttering the login page. Because then at least the user can
> still use HTTP if they really want to.
> 
> And conveniently enough:
> https://gerrit.wikimedia.org/r/47089

Thanks for the link. I agree this is the best interim solution, while we argue about whether it should be a preference at all. ;)
Comment 6 Gerrit Notification Bot 2013-07-30 20:00:39 UTC
Change 47089 had a related patch set uploaded by Parent5446:
Change secure login to use a user preference; add secure groups option.

https://gerrit.wikimedia.org/r/47089
Comment 7 MZMcBride 2013-07-30 23:06:46 UTC
The checkbox should definitely be removed from the login screen. It's not clear to me why it was ever added there in the first place. We did this once before with some other (non-SSL-related) checkbox on the login screen. I thought we'd learned our lesson.
Comment 8 Tyler Romeo 2013-07-30 23:49:11 UTC
Just to be clear: I think the checkbox should be removed (and I don't think there's anybody who thinks it should stay); I just think it should have a replacement because the functionality is still important.
Comment 9 Ryan Lane 2013-07-30 23:51:07 UTC
Sure, maybe the MediaWiki software should have a replacement in the preferences, but for Wikimedia sites it should be hidden.
Comment 10 Tyler Romeo 2013-07-30 23:55:22 UTC
(In reply to comment #9)
> Sure, maybe the MediaWiki software should have a replacement in the
> preferences, but for Wikimedia sites it should be hidden.

Agreed on this as well. With my patch, this would be done by adding the 'user' group to the list of required HTTPS groups. Right now it only disables the preference, but it would be trivial to add a special case to remove it entirely if all users have it disabled.
Comment 11 Gerrit Notification Bot 2013-08-19 18:27:55 UTC
Change 76823 abandoned by Demon:
Remove "stick HTTPS" option from login page

https://gerrit.wikimedia.org/r/76823
Comment 12 Gerrit Notification Bot 2013-08-20 00:08:28 UTC
Change 47089 merged by jenkins-bot:
Change secure login to use a user preference

https://gerrit.wikimedia.org/r/47089
Comment 13 Steven Walling 2013-08-20 00:39:36 UTC
Thanks guys!
Comment 14 Gerrit Notification Bot 2013-08-20 01:01:04 UTC
Change 79960 had a related patch set uploaded by Demon:
Change secure login to use a user preference

https://gerrit.wikimedia.org/r/79960
Comment 15 Gerrit Notification Bot 2013-08-20 01:03:40 UTC
Change 79963 had a related patch set uploaded by Demon:
Change secure login to use a user preference

https://gerrit.wikimedia.org/r/79963
Comment 16 Gerrit Notification Bot 2013-08-20 19:18:59 UTC
Change 79963 merged by jenkins-bot:
Change secure login to use a user preference

https://gerrit.wikimedia.org/r/79963
Comment 17 Gerrit Notification Bot 2013-08-20 19:25:31 UTC
Change 79960 merged by jenkins-bot:
Change secure login to use a user preference

https://gerrit.wikimedia.org/r/79960
