
Web Performance Tuning, 2nd Edition by Patrick Killelea


Chapter 8. Security

Web site security usually comes at the cost of performance, but not always. Some security changes can also increase performance. For example, keeping a site simple and avoiding Java and JavaScript means fewer points of weakness. Also, avoiding Microsoft’s IIS web server will likely improve performance while eliminating vulnerability to a large number of viruses that can infect only IIS.

In this chapter, I cover a few security points only as they relate to performance. If you are looking for pure security information, try Practical Unix and Internet Security, by Simson Garfinkel and Gene Spafford (O’Reilly & Associates).

HTTPS and SSL

Secure HTTP (HTTPS) uses ordinary HTTP over the Secure Sockets Layer (SSL) protocol on port 443 by default. SSL encrypts all traffic, so you can be confident that your content will not be intelligible to anyone snooping Internet packets. In fact, even the HTTP headers and all images will be encrypted. You might think that you can save some server CPU power by not encrypting images (that is, putting links to a non-SSL image server). However, browsers do not allow unencrypted images on SSL-protected pages.

HTTPS uses public-key encryption just long enough to exchange keys, and then it switches to symmetric (private-key) encryption for better performance. The private keys will be cached by both the client and server so that additional connections to the same site will be faster, at least until the entry expires from the connection cache. ...
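The following model of that handshake pattern is an added example, not code from the book: the expensive public-key step runs once, both sides cache the resulting symmetric key, and later connections skip the public-key step until the cache entry expires. All class and function names are hypothetical. It assumes a toy Diffie-Hellman exchange in place of SSL's key exchange and an HMAC tag in place of record encryption, so it shows the cost structure rather than real SSL.

```python
import hashlib, hmac, secrets, time

# Constructed toy group: 2**521 - 1 is prime, but this is not a vetted TLS group.
P, G = 2**521 - 1, 3

def _derive(shared):
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

class Server:
    def __init__(self, ttl=300.0, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self.cache = {}        # session_id -> (session_key, expiry time)
        self.pubkey_ops = 0    # count of expensive modular exponentiations

    def resume(self, sid):
        """Abbreviated handshake: succeed only for a cached, unexpired session."""
        key, expiry = self.cache.get(sid, (None, 0.0))
        if key is None or expiry <= self.clock():
            self.cache.pop(sid, None)   # evict the expired entry
            return False
        return True

    def full_handshake(self, client_pub):
        """Public-key phase: run once, then cache the symmetric session key."""
        priv = secrets.randbelow(P - 2) + 1
        self.pubkey_ops += 2
        sid = secrets.token_hex(16)
        self.cache[sid] = (_derive(pow(client_pub, priv, P)), self.clock() + self.ttl)
        return sid, pow(G, priv, P)

    def verify(self, sid, msg, tag):
        """Symmetric phase: authenticate a record with the cached key."""
        expect = hmac.new(self.cache[sid][0], msg, hashlib.sha256).digest()
        return hmac.compare_digest(expect, tag)

class Client:
    def __init__(self):
        self.sid = self.key = None   # client-side session cache

    def connect(self, server):
        """Return 'resumed' or 'full' depending on which handshake ran."""
        if self.sid and server.resume(self.sid):
            return "resumed"
        priv = secrets.randbelow(P - 2) + 1
        self.sid, server_pub = server.full_handshake(pow(G, priv, P))
        self.key = _derive(pow(server_pub, priv, P))
        return "full"

    def send(self, server, msg):
        tag = hmac.new(self.key, msg, hashlib.sha256).digest()
        return server.verify(self.sid, msg, tag)
```

Passing a fake `clock` to `Server` lets you step past the TTL and watch the next connection fall back to the full handshake.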
