On 2/3/06, Dennis Clarke <blastwave at gmail.com> wrote:
> On 2/3/06, Cyril Plisko <cyril.plisko at gmail.com> wrote:
> > On 2/3/06, Dennis Clarke <blastwave at gmail.com> wrote:
> > > On 2/2/06, Cyril Plisko <cyril.plisko at gmail.com> wrote:
> > > >
> > > > polaris.blastwave.org is up and running. I was about to make an
> > > > announcement, but the word got out. I think that this kind of
> > > > collaboration tool
> > > > is of great importance for community and it'll demonstrate its value
> > > > very soon.
> > >
> > > First thing I'd like to do is get a real SSL site cert for security.
> >
> > Why ? And this machine isn't too fast to make it run crypto all the time.
> > Do we really need it there ?
> >
>
> Anytime a web site requires a person to enter a password it needs to
> be _at_least_ encrypted and at most we need RSA ACE server with PRNG
> key fobs. This is a basic security step and its entirely reasonable.
> As for fast, running SSL with Apache barely uses 2% of the CPU. The
> lists server lists.blastwave.org uses SSL and it has no issues with
> performance. The CPU usage is not even measurable.
Oh, I see - you were talking about SSL protection for password authentication -
I somehow thought you want it to run entirely over SSL.
Yeah, that makes sense.
--
Regards,
Cyril
