Re: Re: Need some SSL help please.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I had an idea... what about putting the domain in the configuration file and doing a "hard" redirect upon proper authentication?  Would this be feasible?  Doable in httpd?

On Fri, Aug 7, 2009 at 2:08 PM, Josh Gooding <josh.gooding@xxxxxxxxx> wrote:
No, my understanding is login's weren't encrypted unless SSL was used. 

Scott, I'm not a sysadmin, but does win2k3 server have something like iptables?  That MIGHT be a little more helpful, I'll have to research it more, however, I still need to figure out how to drop SSL after the login screen.  Let me do some more digging around the internet.

The login password is encrypted with MD5 before checking the DB and stored in the DB as an MD5 hash, so with that being said, is SSL even neccessary on the login to the software?

Thank you again for all the responses and advice.  It is highly appreciated.

- Josh


On Fri, Aug 7, 2009 at 11:27 AM, Mike -- EMAIL IGNORED <m_d_berger_1900@xxxxxxxxx> wrote:
On Fri, 07 Aug 2009 08:40:55 -0400, Josh Gooding wrote:

> Thanks for the reply Krist,
>
> Let me give you a little background on what I did (and still doing).  I
> created a video training software that is now internet based.  Nothing
> inside of the training needs to be across HTTPS, except the login page.
> Client's said they would "like" to see it done.  Which is were I am at
> right now.  I always thought that HTTPS is noticeably slower than
> regular HTTP, which is why I would not want HTTPS on the entire site,
> since video and graphics tend to be more bandwidth and CPU intensive.
>
> In essence I am trying to keep the lag to as little as possible and only
> encrypt what needs to be encrypted.
>
> - Josh
>
[...]

Please read my recent thread "excessive DNS slows httpd".
The bottom line: I recently introduced SSL to part of my
web site, and it slowed considerably.  Using iptables
(on a Linux system),I blocked all DNS, and speed of
response is better than ever, 8 meg photo files
notwithstanding.

Additionally, I thought sign-in is encrypted even when
SSL is not in use.  Is this not true?

Mike.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux