db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: [jira] Commented: (DERBY-2109) System privileges
Date Tue, 19 Dec 2006 16:44:34 GMT
Bryan Pendleton wrote:
>>  > So maybe if Derby is booted as a standalone server with no security
>>  > manager involved, it should install one with a default security
>>  > policy. Thus allowing Derby to use Java security manager to manage
>>  > system privileges but not requiring everyone to become familiar with
>>  > them.
> 
> One small concern is the performance impact. We noticed that the 10.2
> regression tests take a lot longer than the 10.1 regression tests did,
> and one of the explanations for that was that the 10.2 tests run with
> the security manager. There will be some people who will prefer to
> favor performance over security, and will want a way to be able to run
> Derby without a security manager, at least until we can reduce the
> performance penalty to a level that is tolerable for them.

I'm not sure this is a concern. I do not believe that the regression 
tests can be seen as a typical application, they use a new jvm for each 
test and create a new database each time. I think the slowdown is caused 
by the slowdown of jvm startup with a security manager and possibly 
slowdown of create database.

I think with a typical application in steady state, a security manager 
will have little effect on performance, since during steady state most 
likely there will be few security checks. It would be good to test this 
with a real application/benchmark.

Dan.


Mime
View raw message