[Sugar-devel] [PATCH] webactivity: seed the XS cookie at startup

david at lang.hm david at lang.hm
Thu Feb 12 09:55:58 EST 2009


On Fri, 13 Feb 2009, Martin Langhoff wrote:

> On Thu, Feb 12, 2009 at 11:54 PM, Simon Schampijer <simon at schampijer.de> wrote:
>> Plan A - HTTPS to the rescue
>> Just to understand better.
>>
>> Is the main issue that we have to change the protocol - or are you more
>> worried about the CPU cost?
>
> Both. And also HTTPS network load, as HTTPS is a lot less cache-friendly.

note that if the XS is acting as a proxy the cache issue can be addressed. 
The XS can get a copy of the XO client cert at registration time, and with 
it can decrypt the HTTPS traffic and cache the unencrypted version. this 
is a lot of cpu, but it's on the XS not the XO, so it shouldn't be as bad 
(and there are hardware SSL encryption cards available that can be put in 
an XS for high-volume situations)

it's not just a matter of downloading a package and installing it, but 
it's not rocket science either.

this would have the side effect of making the XS security even more 
critical, but I think that it's already critical enough that this won't 
really make much difference in how it's secured.

David Lang



More information about the Devel mailing list