[ https://issues.apache.org/jira/browse/OAK-2807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14511865#comment-14511865 ]
Alexander Klimetschek edited comment on OAK-2807 at 4/24/15 10:03 PM:
----------------------------------------------------------------------

Sounds great. The security folks will argue that the invalidation is extremely important, so it should work well, though in reality it would rarely occur. The common case of a public site at say /content/mysite that would always be public, especially on a published environment, should benefit greatly from that. The prerequisite of separate indexes with one for say /content/mysite in particular was done with Oak already, it's time to make use of it :)

was (Author: alexander.klimetschek):
Sounds great. The security folks will argue that the invalidation is extremely important, though in reality it would never occur. The common case of a public site at say /content/mysite that would always be public, especially on a published environment, should benefit greatly from that. The prerequisite of separate indexes with one for say /content/mysite in particular was done with Oak already, it's time to make use of it :)

> Improve getSize performance for "public" content
> ------------------------------------------------
>
> Key: OAK-2807
> URL: https://issues.apache.org/jira/browse/OAK-2807
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: query, security
> Affects Versions: 1.0.13, 1.2
> Reporter: Michael Marth
>
> Certain operations in the query engine like getting the size of a result set
> or facets are expensive to compute due to the fact that ACLs need to be
> computed on the entire result set. This issue is to discuss an idea how we
> could improve this:
> There is a very common special case: content (a subtree) that is readable by
> everyone (anonymous). If we mark an index on that subtree as "readable by
> everyone" on index creation then we could skip ACL check on the result set or
> precompute/cache certain query results.
> In order to avoid information leakage the index would have to be marked
> "invalid" as soon as one node in that sub-tree is not readable by everyone
> anymore. (could be checked through a commit hook)
> Maybe this concept could even be generalized later to work with other
> principals than everyone.
> Just an idea - feel free to poke holes and shoot it down :)

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
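
The proposal discussed in this message, as an added toy model that is not Oak code and not from the issue or its commenters: a subtree index carries a "readable by everyone" marker that lets a size query skip per-node ACL checks, and a commit-time hook clears the marker as soon as one node in the subtree stops being readable by everyone. The `Repo` class, its methods and the node paths under /content/mysite are hypothetical names constructed for illustration; the `run_hook=False` case shows the count that leaks if invalidation is missed.

```python
# Toy model (constructed for illustration; none of these names are Oak APIs).
EVERYONE = "everyone"

class Repo:
    def __init__(self, index_root):
        self.index_root = index_root   # subtree covered by the index
        self.readers = {}              # path -> principals with read access
        self.index_public = True       # "readable by everyone" marker, set at index creation
        self.acl_checks = 0            # number of per-node ACL evaluations performed

    def _in_index(self, path):
        return path == self.index_root or path.startswith(self.index_root + "/")

    def commit(self, path, readers, run_hook=True):
        """Write a node with its readers; the hook runs as part of the commit."""
        self.readers[path] = set(readers)
        if run_hook:
            self._invalidation_hook(path)

    def _invalidation_hook(self, path):
        # A single non-public node inside the subtree invalidates the marker.
        # The marker is never restored here; that would need a full re-check.
        if self._in_index(path) and EVERYONE not in self.readers[path]:
            self.index_public = False

    def can_read(self, principal, path):
        self.acl_checks += 1
        allowed = self.readers[path]
        return EVERYONE in allowed or principal in allowed

    def get_size(self, principal):
        hits = [p for p in self.readers if self._in_index(p)]
        if self.index_public:
            return len(hits)           # fast path: no ACL check on the result set
        return sum(1 for p in hits if self.can_read(principal, p))

def demo(run_hook):
    """Return ((size, acl_checks) on the fast path, size after a private node is added)."""
    repo = Repo("/content/mysite")
    for name in ("a", "b", "c"):
        repo.commit(f"/content/mysite/{name}", {EVERYONE})
    fast = repo.get_size("anonymous"), repo.acl_checks
    # A node readable only by "admin" is committed inside the public subtree.
    repo.commit("/content/mysite/secret", {"admin"}, run_hook=run_hook)
    return fast, repo.get_size("anonymous")

if __name__ == "__main__":
    print("hook runs:   ", demo(True))
    print("hook skipped:", demo(False))
```

With the hook skipped, the anonymous size includes the restricted node, which is the information leakage the description wants the invalidation to prevent.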