Bryan Pendleton wrote:
> So maybe if Derby is booted as a standalone server with no security
> manager involved, it should install one with a default security
> policy. Thus allowing Derby to use Java security manager to manage
> system privileges but not requiring everyone to become familiar with
> them.
One small concern is the performance impact. We noticed that the 10.2
regression tests take a lot longer than the 10.1 regression tests did,
and one of the explanations for that was that the 10.2 tests run with
the security manager. There will be some people who will prefer to
favor performance over security, and will want a way to be able to run
Derby without a security manager, at least until we can reduce the
performance penalty to a level that is tolerable for them.
I'm not sure this is a concern. I do not believe that the regression
tests can be seen as a typical application, they use a new jvm for each
test and create a new database each time. I think the slowdown is caused
by the slowdown of jvm startup with a security manager and possibly
slowdown of create database.
I think with a typical application in steady state, a security manager
will have little effect on performance, since during steady state most
likely there will be few security checks. It would be good to test this
with a real application/benchmark.
Dan.
