2016-05-21 0:46 GMT+02:00 Cédric Krier <[email protected]>: > Hi, > > I would like to share some experiences I just get with XML-RPC. > > Indeed, I was checking the XML-RPC from proteus on demo4.0.tryton.org > (port 80). And I found that it was really slower than the > demo3.8.tryton.org (port 8069). > > At first, I thouth it was a reverse-proxy issue, but both server runs > under similar configuration. > Then I thought it was an issue like [1] and that Nagle should be > disabled also on Linux. But it did not change any thing. > Finally, I timeout each method used and I found that it was the login > check. Demo 4.0 is using bcrypt for the password and 3.8 sha1. > And so the password in 4.0 is quite slow because of the design of bcrypt > and this check is done on each request. > > As it is not so obvious, I think it is good to share it.
Sure. Thanks for sharing. > So if you want to use XML-RPC with Basic authentication, you should be > careful about the encryption used for the password. > > PS: I'm wondering if we should allow to configure which hashing method > to use for specific user. I think that would be a little bit too much. But maybe it would be worth making it configurable on trytond.conf because currently it only depends on the availability of the bcrypt package. If it's there, it is used. > > > [1] https://bugs.tryton.org/issue5552 > > -- > Cédric Krier - B2CK SPRL > Email/Jabber: [email protected] > Tel: +32 472 54 46 59 > Website: http://www.b2ck.com/ > > -- > You received this message because you are subscribed to the Google Groups > "tryton" group. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tryton/20160520224656.GP13326%40tetsuo. -- Albert Cervera i Areny http://www.NaN-tic.com Tel. 93 553 18 03 -- You received this message because you are subscribed to the Google Groups "tryton" group. To view this discussion on the web visit https://groups.google.com/d/msgid/tryton/CADWJ7Gm1frpaK6A58G4Hw52E%3DECoKmVpMuMM%3DxgymE7a-SSqZw%40mail.gmail.com.
