Performance vs. security should never be considered. Security trumps everything.
We should adopt standards where available. We should use other open source libraries where applicable. As part of the Apache ecosystem now we need to look at Apache projects that may provide these capabilities. We rarely want to reinvent something, especially in security. -Jake — Jacob Barrett Manager GemFire Advanced Customer Engineering (ACE) Pivotal [email protected] 503-533-3763 For immediate support please contact Pivotal Support at http://support.pivotal.io/ On Fri, Aug 7, 2015 at 9:28 AM, Anthony Baker <[email protected]> wrote: > Am I missing something? Not verifying the integrity of a security token > creates a vulnerability, right? > Have you quantified the performance impact of Spring Security? > Anthony >> >> Agreed. Initially I had spec'd it out based on Spring Security. But >> Neelkanth felt token based approach is better for performance where we check >> only for presence of Token but not its Integrity >> >> >> - Tushar >>
