Hello! On Sat, Nov 28, 2015 at 06:18:54PM +0100, Joó Ádám wrote:
> Hi, > > I just noticed that enabling basic authentication adds between 100 and > 150 ms to my otherwise 30-40 ms page load time. Is this known > behaviour? Is this somehow inherent or a design / implementation > mistake? Basic authentication checks user password on each request. Depending on a password hash used for a particular user in the user file, it may take significant time - as password hashes are designed to be CPU-intensive to prevent password recovery attacks. Some additional information can be found here: https://en.wikipedia.org/wiki/Crypt_(C) Depending on your particular setup and possible risks, you may consider using something less CPU-intensive as your password hash function if a hash calculation takes 100ms. All crypt(3) schemes as supported by your system are understood by nginx, as well as some additional schemes for portability and debugging. See here for more details: http://nginx.org/r/auth_basic_user_file -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
