No, my understanding is login's weren't encrypted unless SSL was used. Scott, I'm not a sysadmin, but does win2k3 server have something like iptables? That MIGHT be a little more helpful, I'll have to research it more, however, I still need to figure out how to drop SSL after the login screen. Let me do some more digging around the internet.
The login password is encrypted with MD5 before checking the DB and stored in the DB as an MD5 hash, so with that being said, is SSL even neccessary on the login to the software? Thank you again for all the responses and advice. It is highly appreciated. - Josh On Fri, Aug 7, 2009 at 11:27 AM, Mike -- EMAIL IGNORED < m_d_berger_1...@yahoo.com> wrote: > On Fri, 07 Aug 2009 08:40:55 -0400, Josh Gooding wrote: > > > Thanks for the reply Krist, > > > > Let me give you a little background on what I did (and still doing). I > > created a video training software that is now internet based. Nothing > > inside of the training needs to be across HTTPS, except the login page. > > Client's said they would "like" to see it done. Which is were I am at > > right now. I always thought that HTTPS is noticeably slower than > > regular HTTP, which is why I would not want HTTPS on the entire site, > > since video and graphics tend to be more bandwidth and CPU intensive. > > > > In essence I am trying to keep the lag to as little as possible and only > > encrypt what needs to be encrypted. > > > > - Josh > > > [...] > > Please read my recent thread "excessive DNS slows httpd". > The bottom line: I recently introduced SSL to part of my > web site, and it slowed considerably. Using iptables > (on a Linux system),I blocked all DNS, and speed of > response is better than ever, 8 meg photo files > notwithstanding. > > Additionally, I thought sign-in is encrypted even when > SSL is not in use. Is this not true? > > Mike. > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
