river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Firmstone <j...@zeus.net.au>
Subject Re: SocketPermission and LookupLocatorDiscovery vs. Reggie scalability
Date Tue, 12 Apr 2011 01:55:50 GMT
I've been working on a caching SecurityManager, that provides for 
permission revocation and Li Gong's method guard pattern (in fact 
revocation works best with method guards, since not all standard 
permissions are revocable).

Caching is used to overcome the performance bottleneck of method guard 
security checks, performed upon each method invocation, instead the 
result of security checks is cached for execution contexts, the cache is 
cleared if revocation is performed.

This would solve any performance issues for repeated security checks in 
your case, the code is in skunk/pepe.

My objective is to get security to scale, enable the use of method 
guards, delegates and revocation.



Patricia Shanahan wrote:
> On 4/11/2011 7:59 AM, Christopher Dolan wrote:
> ...
>> These conditions are hard to reproduce in a typical lab, because they
>> require large numbers of machines and deliberately misconfigured DNS.
>> I'd appreciate any thoughts that others have about Reggie scaling
>> issues.
> ...
> I can't comment on the specific issue, but I do have a general concern
> about scalability.
> I've had many opportunities to compare the educated performance
> estimates of expert programmers to actual measurements. Scalability
> almost always involves surprises. The bottlenecks programmers expect are
> not the ones that matter.
> The biggest difference I've found between being a performance architect
> working for computer manufacturers and being an open source programmer
> is the difference in opportunities for scalability measurement. When I 
> was working for computer manufacturers, if a benchmark needed to
> be fast on a system with P processors and M gigabytes of memory, I would
> measure and profile it on a system with P processors and M gigabytes of
> memory.
> Now, I'm trying to write scalable code and only measuring on my home
> computer. I can do my best to project performance on larger systems, but
> I *know* how little value unmeasured performance projects really have.
> The best solution I can think of is some form of collaboration with
> people who do have the hardware resources to measure scalability. 
> Perhaps the user community have some ideas?
> Patricia

View raw message