> >From: Nathan Maves [mailto:[EMAIL PROTECTED]
> >
> >I have been using the securityfilter by Max Cooper.
> >
> >I wanted to know the best way to incorporate SSL into the picture.
> >What is the best way to ensure that the login page and submission
> >action is encrypted?

For something similar for our particular application, we asked the hosting service (eapps.com, we've been pretty happy with them) to configure something similar, but at the apache level. It's worked pretty nicely and reliably. If you're not using apache, or don't have access to those config files, the simple answer might be to set up a servlet filter that's mapped to the URL pattern "/*", and have it send back a client-side redirect, bouncing any non-SSL requests to the SSL version.

> On May 10, 2004, at 1:53 PM, Hookom, Jacob wrote:
> >Configure your server to only accept requests in an SSL port.

On Mon, May 10, 2004 at 02:04:08PM -0600, Nathan Maves wrote:
> How much of a performance loss would this be?

At one point in the past (several years ago, 1998 maybe?) I read that an SSL webserver consumes approximately 40% more CPU than a non-SSL webserver. What this means today after 6 years of advance in the state of the art, I don't know. What this means for an apache/tomcat combo, I don't know. You should probably do some stress-testing and find out what kind of relative impact on performance and CPU utilization you see. If you do, it'd be a really nice thing to post what you learn here.

Some food for thought; CPUs are much, much faster now than they were in the past, so even if the actual computations for SSL aren't more expensive, the CPUs may be a lot better at handling the load.

There are also, in a serious industrial-strength web setting, hardware SSL accelerators, basically a box that handles the SSL aspects of the connection and forwards the rest to the webserver. These typically cost in the range of $25,000 and are supposed to be much, much more performance-effective than just getting a bigger CPU to run your webserver on.

--
Steven J. Owens
[EMAIL PROTECTED]

"I'm going to make broad, sweeping generalizations and strong, declarative statements, because otherwise I'll be here all night and this document will be four times longer and much less fun to read.
Take it all with a grain of salt." - Me at http://darksleep.com