Daniel John Debrunner wrote:
I think with a typical application in steady state, a security manager
will have little effect on performance, since during steady state most
likely there will be few security checks. It would be good to test this
with a real application/benchmark.
I found a paper published in "Computers & Security" (2005) on security manager
performance:
http://rewerse.net/publications/download/REWERSE-RP-2005-141.pdf
Have not read the whole thing yet, but here's part of the conclusion:
"Test results show that there is an execution time penalty of approximately 100%
for Java-defined resources when the resource access runs under a Security
Manager. The resource access to operating system resources (files, sockets) is
so expensive that it hides the time penalty of the Security Manager almost
completely."
[snip]
"A performance boost can be achieved by memory tuning and, to a lesser degree,
the right order of permissions in the policy file."
--
John
