> From: Justin Randall [mailto:ran...@hotmail.com]
> Subject: RE: j_security_check with https
>
> There is a point of switching back to HTTP after HTTPS.  From
> a server load perspective having to perform SSL computations
> for every single HTTP request can be a serious performance
> bottleneck.

Of course - everyone recognizes that.  Serious sites will offload the SSL 
processing to a separate box or NIC card for that very reason.

> however unless you are in a location where eavesdropping
> attacks are a risk,

Such as pretty much anywhere on the Internet?  If eavesdropping attacks were 
not a risk, there would be no point in encrypting the security credentials.  
You can't have it both ways.

 - Chuck

