httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Gooding <josh.good...@gmail.com>
Subject Re: [users@httpd] Re: Need some SSL help please.
Date Fri, 07 Aug 2009 18:13:02 GMT
I had an idea... what about putting the domain in the configuration file and
doing a "hard" redirect upon proper authentication?  Would this be
feasible?  Doable in httpd?

On Fri, Aug 7, 2009 at 2:08 PM, Josh Gooding <josh.gooding@gmail.com> wrote:

> No, my understanding is login's weren't encrypted unless SSL was used.
>
> Scott, I'm not a sysadmin, but does win2k3 server have something like
> iptables?  That MIGHT be a little more helpful, I'll have to research it
> more, however, I still need to figure out how to drop SSL after the login
> screen.  Let me do some more digging around the internet.
>
> The login password is encrypted with MD5 before checking the DB and stored
> in the DB as an MD5 hash, so with that being said, is SSL even neccessary on
> the login to the software?
>
> Thank you again for all the responses and advice.  It is highly
> appreciated.
>
> - Josh
>
>
> On Fri, Aug 7, 2009 at 11:27 AM, Mike -- EMAIL IGNORED <
> m_d_berger_1900@yahoo.com> wrote:
>
>> On Fri, 07 Aug 2009 08:40:55 -0400, Josh Gooding wrote:
>>
>> > Thanks for the reply Krist,
>> >
>> > Let me give you a little background on what I did (and still doing).  I
>> > created a video training software that is now internet based.  Nothing
>> > inside of the training needs to be across HTTPS, except the login page.
>> > Client's said they would "like" to see it done.  Which is were I am at
>> > right now.  I always thought that HTTPS is noticeably slower than
>> > regular HTTP, which is why I would not want HTTPS on the entire site,
>> > since video and graphics tend to be more bandwidth and CPU intensive.
>> >
>> > In essence I am trying to keep the lag to as little as possible and only
>> > encrypt what needs to be encrypted.
>> >
>> > - Josh
>> >
>> [...]
>>
>> Please read my recent thread "excessive DNS slows httpd".
>> The bottom line: I recently introduced SSL to part of my
>> web site, and it slowed considerably.  Using iptables
>> (on a Linux system),I blocked all DNS, and speed of
>> response is better than ever, 8 meg photo files
>> notwithstanding.
>>
>> Additionally, I thought sign-in is encrypted even when
>> SSL is not in use.  Is this not true?
>>
>> Mike.
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>

Mime
View raw message