Thursday, June 30, 2016

Wikipedia:Secure server?

I have no idea what a Wikipedia Secure server is. I suppose it keeps people from modifying Wikipedia files when no one wants them to or something like that. But, when I saw this at HTTPS I thought I would research it in case any of you are interested in this:
begin quote from:
Wikipedia:Secure server

Wikipedia:Secure server

From Wikipedia, the free encyclopedia
Wikimedia used to have a designated secure server (2005–2011) that was used for accessing Wikimedia projects with an encrypted connection. In 2011, all the main web server addresses at Wikimedia started supporting encrypted connections. In 2013, encryption became the default for logged-in users. As of 2015, unencrypted access is no longer possible. Refer to the "HTTPS" article at Meta-Wiki for more information about the current state of encryption on Wikimedia projects.
This page reflects the historical state from the time that encryption was optional.

Contents

Possible problems

There are some cases that can break HTTPS security, which you should watch out for. Your browser may warn you, and you should report these problems (e.g. at Wikipedia:Village pump (technical)):
  • Some links take you back to the normal servers. (Learn more in the sections below.)
  • Most scripts and css are loaded through the secure server, but if you add scripts or gadgets that make connections to external services then these might break the secure connection.
  • Performance: some overhead is imposed by SSL, as ~1% of server CPU, some traffic, some client CPU, some delay in the first connection. For related discussion, see posts on Stack Overflow: [1], [2].

But still very useful

There are several situations when the secure server can be useful:
  • Using the secure server gives some protection against eavesdropping, and most of all it protects against others snooping your Wikipedia password or cookie (for example with tools like Firesheep). Eavesdropping is a problem especially when connecting through a wireless network, a company or school network, or a public computer such as an Internet café.
  • Some users have a bad Internet connection that intermittently mangles characters. This can cause all kinds of weird problems while editing pages. This mostly happens when connected over wireless or mobile networks. Using the secure server fixes this, since the secure connection has much better error detection than the normal connections.
  • Some Internet access points (such as public Wi-Fi networks at some hotels or cafes) inject banner ads into all kinds of web pages including Wikipedia; using the secure server prevents this.

Logged in or not

You don't have to be logged in to use the secure server. However, if you have a Wikipedia account, be aware that the secure server handles login separately from the normal servers, so when you go to the secure server for the first time, you won't be logged in there. However, you can log in there using your normal Wikipedia account, and you can be logged in to the secure server and the normal servers at the same time.

Local links

When using the secure server, most local links automatically use the secure server. When using external links you need to take an additional step. For instance, here's a link to a search for the words "secure server":
[http://en.wikipedia.org/w/index.php?title=Special:Search&search=secure+server&fulltext=Search&ns4=1&ns5=1 Search]
Instead consider writing:
[//en.wikipedia.org/w/index.php?title=Special:Search&search=secure+server&fulltext=Search&ns4=1&ns5=1 Search]
To get what is known as a protocol relative link. It will use https for readers using https and http for readers using http.
Search
However, there is no need to hardcode local links. If you need to add query parameters to a link, for instance when making links to special pages, then you can use the magic word "{{fullurl:}}".
[{{fullurl:Special:Search | search=secure+server&fulltext=Search&ns4=1&ns5=1 }}  Search]
Search

Links to other projects

Like wikilinks within Wikipedia (see previous section), InterWikimedia links, i.e. wikilinks to other Wikimedia projects such as Wiktionary, are usually adjusted to the secure server.

Force links to the secure server

There is the {{sec link}} template that always creates a secure link. It can make both local links and links to other Wikimedia projects. You can for instance put that template on your user page and feed it the appropriate parameters to make a link to the project, language and page that you want.
If you need to reach a non-English version of one of the projects, then {{sec link}} can do that too, but you can also do it by hand:
First go to the English version of the project by using the start page of the secure server. Then manually edit the URL in the address bar to change the part that selects the language. For instance, the German language prefix is "de", so change this:
https://en.wikipedia.org/ (English Wikipedia)
To this:
https://de.wikipedia.org/ (German Wikipedia)
After you made such a link, you can save it in your browser's bookmarks, or save it on your user page. But don't put such hardcoded links in other pages or templates, since users who are connected to the normal servers probably don't want to be sent to the secure server.

The old server

The old secure server with URLs like https://secure.wikimedia.org/wikipedia/en/wiki/ has been deprecated since October 2011 and is no longer supported. As of 14 November 2012, it has been a redirect to https://en.wikipedia.org/wiki/.

Check for yourself

If you are interested in the details of the secure connection being offered by the services, then you can inspect it with tools like: SSL Labs or SSL analyzer. The following details are non-authoritive information:
Validity
The current certificate is valid until 22 November 2015
SHA-1 fingerprint
D1 B3 F4 B9 EF 27 75 07 EE DD B5 61 75 15 3F EA B9 EF 85 C9
MD5 fingerprint
39 9E 11 A2 B5 E6 27 37 EA BB 38 98 D5 BF B6 C8

See also

External links

No comments:

Post a Comment