Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

Q:Timeouts and Security

6 posts in General Discussion (old) Last posting was on 2000-03-09 15:15:32.0Z
bobby Posted on 2000-03-08 21:01:30.0Z
Newsgroups: sybase.public.easerver
From: "bobby" <brosenberger@genam.com>
Subject: Q:Timeouts and Security
Date: Wed, 8 Mar 2000 15:01:30 -0600
Message-ID: <347_lz9wqJUi$GA.285@forums.sybase.com>

Hello,

I'm considering having a stateful jaguar component hold all of the security
privileges for a user. As they move from HTML page to HTML page each one
would call a method on the component to check the privs. Does this sound
like a reasonable approach? With this method each user would have their
'own' security component for the duration of their visit. Is this consuming
too many resources?

What happens to an "active" jaguar component when a user's session times out?
Will it deactivate? Get destroyed?

Thanks.

Bobby


Evan Ireland Posted on 2000-03-09 01:09:59.0Z
Newsgroups: sybase.public.easerver
Date: Thu, 09 Mar 2000 14:09:59 +1300
From: Evan Ireland <eireland@sybase.com>
Organization: Sybase, Inc.
To: bobby <brosenberger@genam.com>
Subject: Re: Q:Timeouts and Security
Message-ID: <347_38C6F9E7.BCE07E4B@sybase.com>
References: <347_lz9wqJUi$GA.285@forums.sybase.com>

Are you using Jaguar 3.0 or 3.5?

bobby wrote:
>
> Hello,
>
> I'm considering having a stateful jaguar component hold all of the security
> privileges for a user. As they move from HTML page to HTML page each one
> would call a method on the component to check the privs. Does this sound
> like a reasonable approach? With this method each user would have their
> 'own' security component for the duration of their visit. Is this consuming
> too many resources?
>
> What happens to an "active" jaguar component when a user's session times out?
> Will it deactivate? Get destroyed?
>
> Thanks.
>
> Bobby

--
________________________________________________________________________________

Evan Ireland Sybase EAServer Engineering eireland@sybase.com
Wellington, New Zealand +64 4 934-5856


bobby Posted on 2000-03-09 15:15:32.0Z
Newsgroups: sybase.public.easerver
From: "bobby" <brosenberger@genam.com>
Subject: Re: Q:Timeouts and Security
Date: Thu, 9 Mar 2000 09:15:32 -0600
Message-ID: <347_CONsCtdi$GA.201@forums.sybase.com>
References: <347_lz9wqJUi$GA.285@forums.sybase.com> <347_38C6F9E7.BCE07E4B@sybase.com>

Currently 3.0... probably going to 3.5 on our dev. box within days. Why?
D'you have an idea?

Evan Ireland <eireland@sybase.com> wrote in message
news:38C6F9E7.BCE07E4B@sybase.com...
> Are you using Jaguar 3.0 or 3.5?
>
> bobby wrote:
> >
> > Hello,
> >
> > I'm considering having a stateful jaguar component hold all of the security
> > privileges for a user. As they move from HTML page to HTML page each one
> > would call a method on the component to check the privs. Does this sound
> > like a reasonable approach? With this method each user would have their
> > 'own' security component for the duration of their visit. Is this consuming
> > too many resources?
> >
> > What happens to an "active" jaguar component when a user's session times out?
> > Will it deactivate? Get destroyed?
> >
> > Thanks.
> >
> > Bobby
>
> --
> ________________________________________________________________________________
>
> Evan Ireland Sybase EAServer Engineering eireland@sybase.com
> Wellington, New Zealand +64 4 934-5856


Brian P. Surratt Posted on 2000-03-08 21:40:09.0Z
Newsgroups: sybase.public.easerver
From: "Brian P. Surratt" <brian.surratt@bigfoot.com>
Subject: Re: Q:Timeouts and Security
Date: Wed, 8 Mar 2000 16:40:09 -0500
Message-ID: <347_aiN5YeUi$GA.201@forums.sybase.com>
References: <347_lz9wqJUi$GA.285@forums.sybase.com>


bobby <brosenberger@genam.com> wrote in message
news:lz9wqJUi$GA.285@forums.sybase.com...
> Hello,
>
> I'm considering having a stateful jaguar component hold all of the security
> privileges for a user. As they move from HTML page to HTML page each one
> would call a method on the component to check the privs. Does this sound
> like a reasonable approach? With this method each user would have their
> 'own' security component for the duration of their visit. Is this consuming
> too many resources?
>
> What happens to an "active" jaguar component when a user's session times out?
> Will it deactivate? Get destroyed?

In general stateful components are a bad idea, unless it is absolutely,
positively, in-no-uncertain-words necessary. This is a basic tenet of
distributed computing.

I don't know about this... how big is your user base? This would greatly
limit your scalability. If you have an object in memory for each user,
you're eating up memory and other resources for components that aren't being
used at that ***instant***. If you get into thousands of users on the site
at one time, this would probably kill you.

If you really need to keep the privileges in memory, a better design might be
to make a shared component that caches the profiles for all users in a
datastore or similar structure. Your web pages would then make a call to
the shared component to ask for the user's profile. This implementation would
create a single object in the server memory. The object would be larger,
but I think it would consume fewer resources.

To fine tune the design further, you might only store the active profiles in
your cache. That is, when a request is made for someone's profile, see if
they are in the cache. If not, go get their profile from persistent storage
and dump it into the cache. Then when they log out or time out, remove them
from the cache. You could expire the profiles using a time stamp that is
updated each time the profile is requested. A service component could wake
up and kill any profiles that have not been accessed in N minutes.

I'm doing something similar to cache variables that are potentially dynamic
but need to be accessed from a number of components.

Hope this helps,
Brian
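
The shared-cache design Brian describes above, as an added Python example that is not part of the original post and is not EAServer code. `ProfileCache`, `load_profile` and `SAMPLE_STORE` are hypothetical names, and the loader stands in for the persistent privilege store.

```python
import threading
import time

# Constructed sample data standing in for the persistent privilege store.
SAMPLE_STORE = {"bobby": {"view_orders"}, "brian": {"view_orders", "edit_orders"}}


class ProfileCache:
    """One shared object caching active users' privileges, with idle expiry."""

    def __init__(self, load_profile, idle_seconds, clock=time.monotonic):
        self._load = load_profile      # hypothetical loader: user_id -> privileges
        self._idle = idle_seconds      # the post's "N minutes", in seconds
        self._clock = clock            # injectable so expiry is testable
        self._lock = threading.Lock()  # shared by every request thread
        self._entries = {}             # user_id -> [frozenset, last_access]

    def has_privilege(self, user_id, privilege):
        """Deny by default: True only if the loaded profile lists it."""
        now = self._clock()
        with self._lock:
            entry = self._entries.get(user_id)
            if entry is None or now - entry[1] > self._idle:
                # Miss or idle too long: reload from persistent storage rather
                # than trust a profile the sweeper has not yet removed.
                entry = [frozenset(self._load(user_id)), now]
                self._entries[user_id] = entry
            entry[1] = now             # refresh the time stamp on each request
            return privilege in entry[0]

    def logout(self, user_id):
        """Drop the profile as soon as the user logs out."""
        with self._lock:
            self._entries.pop(user_id, None)

    def sweep(self):
        """Run periodically by a service component; returns evicted user ids."""
        now = self._clock()
        with self._lock:
            stale = [u for u, e in self._entries.items() if now - e[1] > self._idle]
            for u in stale:
                del self._entries[u]
        return stale

    def active_users(self):
        with self._lock:
            return sorted(self._entries)
```

Because expiry here is idle-based, a privilege revoked in storage stays effective for a user who keeps making requests until `logout` or a sweep removes the entry.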


bobby Posted on 2000-03-08 22:06:50.0Z
Newsgroups: sybase.public.easerver
From: "bobby" <brosenberger@genam.com>
Subject: Re: Q:Timeouts and Security
Date: Wed, 8 Mar 2000 16:06:50 -0600
Message-ID: <347_NuPbLuUi$GA.251@forums.sybase.com>
References: <347_lz9wqJUi$GA.285@forums.sybase.com> <347_aiN5YeUi$GA.201@forums.sybase.com>

Brian,

Thanks for taking the time to respond. You touched upon several fears that
were lurking in the back of my head. It's good to hear how other people are
doing things. I think you have some good ideas here...

Thanks again.

Bobby R

Brian P. Surratt <brian.surratt@bigfoot.com> wrote in message
news:aiN5YeUi$GA.201@forums.sybase.com...
> bobby <brosenberger@genam.com> wrote in message
> news:lz9wqJUi$GA.285@forums.sybase.com...
> > Hello,
> >
> > I'm considering having a stateful jaguar component hold all of the security
> > privileges for a user. As they move from HTML page to HTML page each one
> > would call a method on the component to check the privs. Does this sound
> > like a reasonable approach? With this method each user would have their
> > 'own' security component for the duration of their visit. Is this consuming
> > too many resources?
> >
> > What happens to an "active" jaguar component when a user's session times out?
> > Will it deactivate? Get destroyed?
>
> In general stateful components are a bad idea, unless it is absolutely,
> positively, in-no-uncertain-words necessary. This is a basic tenet of
> distributed computing.
>
> I don't know about this... how big is your user base? This would greatly
> limit your scalability. If you have an object in memory for each user,
> you're eating up memory and other resources for components that aren't being
> used at that ***instant***. If you get into thousands of users on the site
> at one time, this would probably kill you.
>
> If you really need to keep the privileges in memory, a better design might be
> to make a shared component that caches the profiles for all users in a
> datastore or similar structure. Your web pages would then make a call to
> the shared component to ask for the user's profile. This implementation would
> create a single object in the server memory. The object would be larger,
> but I think it would consume fewer resources.
>
> To fine tune the design further, you might only store the active profiles in
> your cache. That is, when a request is made for someone's profile, see if
> they are in the cache. If not, go get their profile from persistent storage
> and dump it into the cache. Then when they log out or time out, remove them
> from the cache. You could expire the profiles using a time stamp that is
> updated each time the profile is requested. A service component could wake
> up and kill any profiles that have not been accessed in N minutes.
>
> I'm doing something similar to cache variables that are potentially dynamic
> but need to be accessed from a number of components.
>
> Hope this helps,
> Brian


Brian P. Surratt Posted on 2000-03-08 22:36:58.0Z
Newsgroups: sybase.public.easerver
From: "Brian P. Surratt" <brian.surratt@bigfoot.com>
Subject: Re: Q:Timeouts and Security
Date: Wed, 8 Mar 2000 17:36:58 -0500
Message-ID: <347_g3bjG#Ui$GA.74@forums.sybase.com>
References: <347_lz9wqJUi$GA.285@forums.sybase.com> <347_aiN5YeUi$GA.201@forums.sybase.com> <347_NuPbLuUi$GA.251@forums.sybase.com>

No problem... glad to help

bobby <brosenberger@genam.com> wrote in message
news:NuPbLuUi$GA.251@forums.sybase.com...
> Brian,
>
> Thanks for taking the time to respond. You touched upon several fears that
> were lurking in the back of my head. It's good to hear how other people are
> doing things. I think you have some good ideas here...
>
> Thanks again.
>
> Bobby R
>
> Brian P. Surratt <brian.surratt@bigfoot.com> wrote in message
> news:aiN5YeUi$GA.201@forums.sybase.com...
> > bobby <brosenberger@genam.com> wrote in message
> > news:lz9wqJUi$GA.285@forums.sybase.com...
> > > Hello,
> > >
> > > I'm considering having a stateful jaguar component hold all of the security
> > > privileges for a user. As they move from HTML page to HTML page each one
> > > would call a method on the component to check the privs. Does this sound
> > > like a reasonable approach? With this method each user would have their
> > > 'own' security component for the duration of their visit. Is this consuming
> > > too many resources?
> > >
> > > What happens to an "active" jaguar component when a user's session times out?
> > > Will it deactivate? Get destroyed?
> >
> > In general stateful components are a bad idea, unless it is absolutely,
> > positively, in-no-uncertain-words necessary. This is a basic tenet of
> > distributed computing.
> >
> > I don't know about this... how big is your user base? This would greatly
> > limit your scalability. If you have an object in memory for each user,
> > you're eating up memory and other resources for components that aren't being
> > used at that ***instant***. If you get into thousands of users on the site
> > at one time, this would probably kill you.
> >
> > If you really need to keep the privileges in memory, a better design might be
> > to make a shared component that caches the profiles for all users in a
> > datastore or similar structure. Your web pages would then make a call to
> > the shared component to ask for the user's profile. This implementation would
> > create a single object in the server memory. The object would be larger,
> > but I think it would consume fewer resources.
> >
> > To fine tune the design further, you might only store the active profiles in
> > your cache. That is, when a request is made for someone's profile, see if
> > they are in the cache. If not, go get their profile from persistent storage
> > and dump it into the cache. Then when they log out or time out, remove them
> > from the cache. You could expire the profiles using a time stamp that is
> > updated each time the profile is requested. A service component could wake
> > up and kill any profiles that have not been accessed in N minutes.
> >
> > I'm doing something similar to cache variables that are potentially dynamic
> > but need to be accessed from a number of components.
> >
> > Hope this helps,
> > Brian