tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: j_security_check with https
Date Wed, 07 Jan 2009 03:20:22 GMT
> From: Justin Randall [mailto:randju@hotmail.com]
> Subject: RE: j_security_check with https
>
> There is a point of switching back to HTTP after HTTPS.  From
> a server load perspective having to perform SSL computations
> for every single HTTP request can be a serious performance
> bottleneck.

Of course - everyone recognizes that.  Serious sites will offload the SSL processing to a
separate box or NIC card for that very reason.

> however unless you are in a location where eavesdropping
> attacks are a risk,

Such as pretty much anywhere on the Internet?  If eavesdropping attacks were not a risk, there
would be no point in encrypting the security credentials.  You can't have it both ways.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message