[Koha-devel] "IP address has changed. Please log in again"
Galen Charlton
gmc at esilibrary.com
Fri May 31 00:25:41 CEST 2013
Hi,
On Thu, May 30, 2013 at 3:07 PM, Michael Hafen
<michael.hafen at washk12.org> wrote:
> I understand that forcing https in the software is a good security measure.
> I'm just asking that it be controlled by a system preference, or be made an
> optional section in the apache config file in consideration of those who
> would like to avoid the overhead added by https.
I'm not sure I necessarily buy that the computational overhead for SSL
is a major factor nowadays for anything but the most ancient of
hardware. I grant that load balancers speaking to HTTPS backends can
have configuration issues that are sometimes more easily addressed by
letting the backends speak HTTP.
Regardless, I do think that the Apache virtualhost configuration would
be the right place to do an SSL-only configuration, either as a
default or just a commented-out recommendation. Koha's CGI scripts
don't need to enforce it.
Regards,
Galen
--
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email: gmc at esilibrary.com
direct: +1 770-709-5581
cell: +1 404-984-4366
skype: gmcharlt
web: http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org
More information about the Koha-devel
mailing list