On Fri, Jul 29, 2011 at 04:32:50PM -0400, Joseph wrote:
> So, I've turned on the configuration flag that forces the user to use HTTPS
> when they log in to DSpace;
> 
> Should the rest of their session take place over an https connection or is
> it safe for them to go back to regular http after they have logged in?

In general we can't really answer that and you probably can't either.
It depends on the nature of the stuff in your repository and your
users' needs for privacy.  And if your repo. is public, you don't know
who your users are until they've arrived.

Here all access is encrypted.  I admit to being an extremist in this
area:  I think all network packets should be encrypted in at least one
layer unless someone can show a compelling reason for some particular
packets to go in clear.  And I figure that, if I'm worried about the
cost of encryption maxing out our processors, I didn't recommend a fast
enough machine.  Once the handshake is done, session encryption is cheap.

-- 
Mark H. Wood, Lead System Programmer   [email protected]
Asking whether markets are efficient is like asking whether people are smart.

_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
