Posts tagged "ssl"

Before we continue our little Performance Analysis Series, let’s look at some current news:

The Bad News: HTTP is dead. Get over it. The killer? It’s called Firesheep, a free Firefox extension that makes it trivially easy for that kid sitting next to you in that Wifi hotspot to steal your Facebook, Twitter or other web services’ identity.

The Victims: The first line of victims are of course millions of unsuspecting users that are sitting in WLAN areas, not knowing that their web identities can be stolen at the click of the button. But the real victims are hundreds, if not thousands of website owners, starting with the who-is-who of web companies, who are now (rightly so) faced with the challenge of upgrading their web infrastructure to HTTPS as soon as possible, preferably overnight.

The Good News: Adding encryption to your web servers used to be an additional burden on the CPU, negatively impacting performance by as much as 2-3x. Fortunately, the new SPARC T3 processors enable you to switch SSL encryption on for your web applications, without any performance impact. This is possible through built-in encryption engines at the core level. And thanks to the Oracle Solaris Cryptographic Framework, it’s easy to take advantage of hardware encryption for any application that needs it.

Wanna learn more? Read on!

Yesterday, I had two hours in a cafe, a Cappuccino on my table, a piece of lemon cake and free WLAN. “Cool”, I thought, “I’ll write an entry for my blog!”. How romantic. Right after I entered my blog user’s password, it dawned on me: The connection to my blog wasn’t encrypted! Anyone able to sniff on the local WLAN would have been able to catch my password as I entered it and steal my blog user ID! It took me some time (slightly more than the 2 hours I had…) to figure this out, so here’s a howto on how to make your login/admin tasks secure for a Drupal instance running on Strato as the hoster.