[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: SOAP-RPC and REST and security

• To: xml-dev@l...
• Subject: Re: SOAP-RPC and REST and security
• From: Gavin Thomas Nicol <gtn@r...>
• Date: Wed, 20 Feb 2002 17:46:02 -0500
• In-reply-to: <2C61CCE8A870D211A523080009B94E4306FEE8E5@HQ5>
• Organization: Red Bridge Interactive, Inc.
• References: <2C61CCE8A870D211A523080009B94E4306FEE8E5@HQ5>

On Wednesday 20 February 2002 04:39 pm, Bullard, Claude L (Len) wrote:
> What is the impact on performance of implementing
> field level security?  Module or record level, I
> can understand, but field level seems to be prohibitively
> expensive.

It's not *very* expensive. In one of our products everything is 
protected via what I call "split capabilities" such that individual 
method invocations, fields, buttons etc. are all controlled. The real 
trick is to compile to a "resolved security matrix" on a per-user 
basis to allow short-circuited permission checking.

The checks probably adds 2-4% to the overall runtime in a JAVA 
environment, and could be made much faster still.

• References:
  • RE: SOAP-RPC and REST and security
    • From: "Bullard, Claude L (Len)" <clbullar@i...>

• Prev by Date: RE: SOAP-RPC and REST and security
• Next by Date: Re: RDDL: minor update
• Previous by thread: RE: SOAP-RPC and REST and security
• Next by thread: RE: SOAP-RPC and REST and security
• Index(es):
  • Date
  • Thread