[aur-general] Securing the AUR website

Pierre Schmitz pierre at archlinux.de
Mon Sep 5 08:35:36 EDT 2011

On Mon, 5 Sep 2011 13:55:38 +0200, Cédric Girard wrote:
> Hi,
> On Mon, Sep 5, 2011 at 1:46 PM, Ray Rashif <schiv at archlinux.org> wrote:
>> it slows down my inherently slow
>> connection (think GPRS/EDGE/2G)
> Do you have any figures to support this? I would be interested to see what
> the impact of HTTPS on the client side is.

Me too. We'd need some numbers to back this argument. I also wonder how
many are really affected by having such a slow connection that this
would actually matter. I wouldn't be surprised if this number is really

I think I already posted all arguments to this thread. So far the only
argument against ssl I consider valid is the decrease of performance. Maybe
someone could do some tests on this; e.g. check how many bits are
transferred using https vs http. Don't forget to take http keep-alive
into consideration here. Whatever the outcome of this is, we will most
likely spend most of the time in server side processing (sql queries,
php). So instead of shutting down ssl we might want to optimize that
first. There are also some things you can tune on web server level (e.g.
choosing a faster cipher etc.)

At the time I switched to https only for archlinux.de I did some tests
and research. At least I couldn't notice any difference in load time
using a quite slow connection.

Pierre Schmitz, https://users.archlinux.de/~pierre

