[ 
https://issues.apache.org/jira/browse/OAK-2807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14511865#comment-14511865
 ] 

Alexander Klimetschek edited comment on OAK-2807 at 4/24/15 10:03 PM:
----------------------------------------------------------------------

Sounds great. The security folks will argue that the invalidation is extremely 
important, so it should work well, though in reality it would rarely occur. The 
common case of a public site at, say, /content/mysite that would always be 
public, especially on a published environment, should benefit greatly from 
that. The prerequisite of separate indexes, with one for, say, /content/mysite in 
particular, was done with Oak already; it's time to make use of it :)


was (Author: alexander.klimetschek):
Sounds great. The security folks will argue that the invalidation is extremely 
important, though in reality it would never occur. The common case of a public 
site at, say, /content/mysite that would always be public, especially on a 
published environment, should benefit greatly from that. The prerequisite of 
separate indexes, with one for, say, /content/mysite in particular, was done with 
Oak already; it's time to make use of it :)

> Improve getSize performance for "public" content
> ------------------------------------------------
>
>                 Key: OAK-2807
>                 URL: https://issues.apache.org/jira/browse/OAK-2807
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: query, security
>    Affects Versions: 1.0.13, 1.2
>            Reporter: Michael Marth
>
> Certain operations in the query engine like getting the size of a result set 
> or facets are expensive to compute due to the fact that ACLs need to be 
> computed on the entire result set. This issue is to discuss an idea for how we 
> could improve this:
> There is a very common special case: content (a subtree) that is readable by 
> everyone (anonymous). If we mark an index on that subtree as "readable by 
> everyone" on index creation then we could skip the ACL check on the result set or 
> precompute/cache certain query results.
> In order to avoid information leakage the index would have to be marked 
> "invalid" as soon as one node in that sub-tree is not readable by everyone 
> anymore. (could be checked through a commit hook)
> Maybe this concept could even be generalized later to work with other 
> principals than everyone.
> Just an idea - feel free to poke holes and shoot it down :)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
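
A minimal model of the proposal in this issue, added here as an illustration: an index flagged "readable by everyone" answers size queries without per-node ACL checks, and a commit hook invalidates the flag, fail closed, as soon as one node in the subtree stops being readable by everyone. It is not Oak code and uses no Oak API; `Repo`, `PublicIndex`, the hook wiring and the "set of reader principals per path" ACL model are all hypothetical simplifications.

```python
from dataclasses import dataclass, field

EVERYONE = "everyone"  # assumed name for the everyone/anonymous principal

@dataclass
class Repo:
    """Toy content tree: path -> set of principals allowed to read it."""
    readers: dict = field(default_factory=dict)
    hooks: list = field(default_factory=list)
    acl_checks: int = 0  # counts per-node permission evaluations

    def can_read(self, path, principals):
        self.acl_checks += 1
        return bool(self.readers[path] & principals)

    def commit(self, path, readers):
        """Write a node's read ACL, then run the commit hooks on the change."""
        self.readers[path] = set(readers)
        for hook in self.hooks:
            hook(path, self.readers[path])

@dataclass
class PublicIndex:
    """Index over one subtree, flagged 'readable by everyone' at creation."""
    repo: Repo
    root: str
    public: bool = True

    def covers(self, path):
        # Match on a path boundary so /content/mysite2 is not treated as covered.
        return path == self.root or path.startswith(self.root + "/")

    def on_commit(self, path, readers):
        # Fail closed: one non-public node under root invalidates the flag,
        # and nothing here sets it back automatically.
        if self.covers(path) and EVERYONE not in readers:
            self.public = False

    def size(self, principals):
        hits = [p for p in self.repo.readers if self.covers(p)]
        if self.public:
            return len(hits)  # fast path: no per-node ACL evaluation
        return sum(self.repo.can_read(p, principals) for p in hits)

def build_demo():
    """Constructed sample: three public nodes under /content/mysite."""
    repo = Repo()
    index = PublicIndex(repo, "/content/mysite")
    repo.hooks.append(index.on_commit)
    for name in ("a", "b", "c"):
        repo.commit(f"/content/mysite/{name}", {EVERYONE})
    return repo, index
```

Without the hook, restricting one node would leave the fast path reporting a count that includes a node the anonymous session cannot read, which is the information leak the issue description warns about.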
