Comments on: Flurry of activity on the Deki front

By: reed

reed — Wed, 21 Jan 2009 15:53:01 +0000

The reason we explicitly chose to go with HTTPS for all pages is because Deki doesn’t support it just for auth. The site should be more responsive if we can use it for auth only. This assumes that MindTouch’s solution is secure and doesn’t include private data in the cookies and so forth. We’ll see what they do.

So, I think the best solution would be to use http for logged-out users and require SSL for logged-in users. That seems reasonable and keeps response time for most people down.

By: sheppy

sheppy — Tue, 20 Jan 2009 01:20:19 +0000

Woo — Deki now has a Wiki.inclusions feature that returns a list of the pages in the inclusion chain, so you can see who included you. This will be enormously useful!

By: sheppy

sheppy — Tue, 20 Jan 2009 01:19:06 +0000

Steve — yes, that’s why I used words like “targeted.” We’ll see what happens; still, it’s exciting to see this stuff being looked at!

By: sheppy

sheppy — Tue, 20 Jan 2009 01:17:15 +0000

By: reed

reed — Tue, 20 Jan 2009 00:16:38 +0000

The ability to use HTTPS for authentication, then use HTTP for everything else is also on the Lyons list.
Bug 397125 mentions that we explicitly chose to go with HTTPS for all pages. Will the above change prevent that in some way?

By: Steve Bjorg

Steve Bjorg — Mon, 19 Jan 2009 22:14:19 +0000

To clarify, while these bugs were assigned to devs for the “Lyons” release, they may still get punted for various reasons. However, they are being investigated and everything we can fix, will be fixed. Whatever doesn’t make it, will be retargeted for Lyons+, which will following 2-3 months after Lyons ships.