[haiku-web] Re: Authentication with Drupal
- From: Oliver Tappe <zooey@xxxxxxxxxxxxxxx>
- To: haiku-web@xxxxxxxxxxxxx
- Date: Wed, 25 Nov 2009 21:09:57 +0100
On 2009-11-25 at 17:11:59 [+0100], Jorge G. Mare <koki@xxxxxxxxxxxxx> wrote:
> Oliver Tappe wrote:
> > 2. Using both the 'secure pages' and the 'secure pages hijack prevention'
> > module to switch the vulnerable pages (login, edit-profile, ...) over to
> > https.
> >
>
> FWIW, I use this method in one of my customer's site, and it is easy to
> setup and works as expected. TBH, I don't know about the load increase
> that this method introduces, but that is because the site I use it in
> has very low traffic. Traffic on the Haiku website does get pretty high
> at times, but it tends to be mostly anonynous traffic (so maybe it does
> not matter?).
Yeah, anonymous traffic shouldn't matter - and, actually I think we can
forget about the load increase that the encryption will cause, after all:
baron's CPUs are mostly idling, anyway.
Then I shouldn't have mentioned it in the first place, I know ;-)
> Don't know about the other methods, so can't comment. What I would not
> like to see gone or replaced is the new user registration page, as we
> may use it to capture more user information than we do now in the future.
Acknowledged - but I doubt the registration page would be influenced by any
of the methods. Http-digest-auth would only need to override the login page
(i.e. replace it with the browser popup).
cheers,
Oliver
-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List
Other related posts:
