This week's book giveaway is in the Spring forum.
We're giving away four copies of Pro Spring MVC with WebFlux: Web Development in Spring Framework 5 and Spring Boot 2 and have Marten Deinum & Iuliana Cosmina on-line!
See this thread for details.
Win a copy of Pro Spring MVC with WebFlux: Web Development in Spring Framework 5 and Spring Boot 2 this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Bear Bibeault
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh

Relation between Performance and Security

 
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Q from Whizlab simulator:

Relation between Performance & Security
A. None
B. High security results in high performance
C. High performance is pre-requisite for secure system
D. Security & Performance are inversely proportional
E. Low performance system can't be secure.

The correct answer according to them is D. The explanation takes Cryptography into account. Well, to me Security means "app level security" + "on the wire security"

So my choice is NONE. Unless we know whether we are talking about App level or on the wire how can we make a blanket statement that performance and security are inverse. By that token all the Role Based access control (RBAC) systems should also have very low performance because they offer high level of app security.

In my opinion this is one of the MANY MANY questions with SLOPPY quality in Whizlab.

Comments Please!!!
 
author and cow tipper
Posts: 5001
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would say B), that high security results in high performance.

Imagine, if nobody can access your program except for you, just how fast would it be. Imagine all those dual processors just to yourself.

I think the idea is that if you have a program that works fine, or the same program that works fine, but a credentials check must occur before the program is accessed, then there is a performance delay.

I actually very much dislike the relationship that is constantly drawn between security and performance. I've done alot of performance testing and improvements in my time, and never has the security infrastructure being the problem. People loading a terabyte database into each users session, or somebody re-inventing WebSphere connection pooling because their implementation will be 'better' on the other hand, causes more performance problems than a simple credentials check ever will.

Checking takes more time than not checking thouhg. You can't really argue with that.

-Cameron McKenzie
 
Jeff Belisle
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Kameron McKenzie:
I would say B), that high security results in high performance.

Imagine, if nobody can access your program except for you, just how fast would it be. Imagine all those dual processors just to yourself.



Here is my experience. I had this system which had a lot of rules and security etc. so If B was true that would mean I am getting High performance too. The application used to generate a PDF profit/loss report after complex calculations and using a combination of Oracle, MS SQL and hyperion multi-dimensional database. You guessed it right performance was a real pain even with only 1 user on the system.


I think the idea is that if you have a program that works fine, or the same program that works fine, but a credentials check must occur before the program is accessed, then there is a performance delay.

I actually very much dislike the relationship that is constantly drawn between security and performance. I've done alot of performance testing and improvements in my time, and never has the security infrastructure being the problem. People loading a terabyte database into each users session, or somebody re-inventing WebSphere connection pooling because their implementation will be 'better' on the other hand, causes more performance problems than a simple credentials check ever will.

Checking takes more time than not checking thouhg. You can't really argue with that.



Sure, I agree with your argument but this does not necessarily mean degraded performance. As you said, you have never seen security as a performance bottleneck.



-Cameron McKenzie


[ October 28, 2006: Message edited by: Jeff Belisle ]
 
Ranch Hand
Posts: 135
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In my humble opinion, every security measures implemented does incurred certain performance impacts, usually negatively.

Encryption/Decryption takes more CPU cycles. SSL or TLS too.

Application level security like authentication using LDAP or ACL authorization makes our application execution slower than if we don't have all these security protections.

Even a standard login screen, would causes performance delay, in the sense of user get slower access to the functionality of the system.

What about obfuscation process that makes your source codes more secure? Alot of experiments and benchmarks signify that obfuscation makes the application runtime execution faster. Yes, runtime performance is increase, but the application build and deployment performance would be slower due to the extra process it takes (In this case, obfuscation).

So, I would agree that performance and security are inversely propotional generally.

Just my 2 cents. Cheers.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic