jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Permission handling (Was: [jira] [Commented] (OAK-660) ReadOnlyTree: implement Object#equals and Object#hashCode)
Date Fri, 01 Mar 2013 09:41:35 GMT

[branching general discussion to the list]

I'm not implying that the suggested solution in OAK-660 is wrong
(apologies if that was how I sounded), just trying to understand why
it was chosen since we've explicitly tried to make this pattern
(pre-load content in memory, refresh/reload when changes are detected)
unnecessary with Oak. If it's needed, then there might be some problem
lurking around that we haven't yet considered. Thus I'd like to better
understand the underlying issues before we rush into a solution.

More specifically, what's the cost of permission compilation and, if
too high to be done on-demand, what's the trade-off between storing
the compilation results in memory vs. in content? Also, what's the
benefit of a separate permission store vs. reading permissions
directly along the path being accessed?

PS. Angela, I know this must be annoying, with people asking questions
and bringing up alternatives, just to end up with "ah, right, I didn't
know that!" But these discussions help spread knowledge and
understanding about the security code and thus hopefully make it
easier for others to participate in the effort if or when needed.


Jukka Zitting

View raw message