Slide 20
Slide 20 text
Tools: Spring Security
HTTPS everywhere
▪ Once unsecure, always unsecure
You may think that going secure from the beginning is going to slow your site down due to
encapsulation of files and TCP SSL negotiation, this would normally be the case, however once
you are end-to-end secure you can harness the power of SPDY ( http://www.chromium.
org/spdy/spdy-whitepaper) to minimize round-trip time as well as enable header-compression and
multi-domain requests
▪ SPDY was donated by Google to the Apache Foundation (https://svn.apache.
org/viewvc/httpd/mod_spdy/trunk/)
▪ SPDY is also available for Nginx (http://nginx.org/en/docs/http/ngx_http_spdy_module.html)