RE: SOAP-RPC and REST and security

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: 'Gavin Thomas Nicol' <gtn@r...>, xml-dev@l...
Subject: RE: SOAP-RPC and REST and security
From: "Bullard, Claude L (Len)" <clbullar@i...>
Date: Wed, 20 Feb 2002 17:10:27 -0600

We do some similar things.  It is the notion 
that all fields can be secured this way and 
that the customer gets to pick and choose 
that is troubling.

len

-----Original Message-----
From: Gavin Thomas Nicol [mailto:gtn@r...]

On Wednesday 20 February 2002 04:39 pm, Bullard, Claude L (Len) wrote:
> What is the impact on performance of implementing
> field level security?  Module or record level, I
> can understand, but field level seems to be prohibitively
> expensive.

It's not *very* expensive. In one of our products everything is 
protected via what I call "split capabilities" such that individual 
method invocations, fields, buttons etc. are all controlled. The real 
trick is to compile to a "resolved security matrix" on a per-user 
basis to allow short-circuited permission checking.

The checks probably adds 2-4% to the overall runtime in a JAVA 
environment, and could be made much faster still.

Prev by Date: RE: SOAP-RPC and REST and security
Next by Date: RE: SOAP-RPC and REST and security
Previous by thread: RE: SOAP-RPC and REST and security
Next by thread: RE: SOAP-RPC and REST and security
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >