Whidbey's Security Off Model

What's New in Security for v2.0

.Net Security Blog — Thu, 01 Sep 2005 00:08:39 GMT

There's a ton of new and enhanced security features coming with the v2.0 release of the CLR.&nbsp; However,...

What's New in Security for v2.0

.Net Security Blog — Wed, 24 Aug 2005 17:46:50 GMT

There's a ton of new and enhanced security features coming with the v2.0 release of the CLR.&nbsp; However,...

re: Whidbey's Security Off Model

Brien — Fri, 29 Jul 2005 20:19:33 GMT

Shawn,

For background, over the next few months I'll be building a system that needs to operate in real time and will be sensitive to sub-millisecond delays. It will be built and deployed under 1.1 but eventually ported to Whidbey when it is released. Absolute speed is a requirement. Hopefully, I've convinced you that my requirements fall in the "extremely unlikely" bucket.

So, assuming I do everything I can to make my application code fast, I'm trying to understand what I can do to the CLR to juice it. Every few percent counts.

Your generalizations make sense, but for my specific circumstances, please assume that speed equates to money and there is a non-linear cost benefit the faster you go.

Thanks,
Brien

re: Whidbey's Security Off Model

shawnfa — Fri, 29 Jul 2005 03:30:43 GMT

The rules of performance work are measure, measure, measure. [http://blogs.msdn.com/ricom]. It is extremely unlikely that you're in a situation where security is causing your application ot slow down appreciably. Have you demonstrated that security is the perf problem with your app? In general, trading security for performance is a very bad idea.

-Shawn

re: Whidbey's Security Off Model

Brien — Thu, 28 Jul 2005 19:41:03 GMT

Shawn,

I understand your statement for a general purpose machine, or a desktop, but how is caspol -s a risk for a dedicated server used only for internal server applications?

Brien

re: Whidbey's Security Off Model

shawnfa — Wed, 27 Jul 2005 23:04:41 GMT

Brien -- you should not be using caspol -s off for performance reasons on any framework. This leaves your machine wide open to attack for little performance gain.

In v2.0 we've done a lot of work to make sure the security subsystem is even faster, so using it for this reason is even more unnecessary.

-Shawn

re: Whidbey's Security Off Model

Brien — Wed, 27 Jul 2005 22:49:03 GMT

caspol -s off turned security checks into no-ops under 1.1. for severely performance critical applications that run in a controlled environment, what configuration gives you the most raw speed?

Security Off Wrap Up

.Net Security Blog — Tue, 10 May 2005 23:11:23 GMT

I've got just a few loose ends to tie up about our new security off behavior, and then we'll move on...

Forcing Security to Stay On

.Net Security Blog — Wed, 04 May 2005 20:08:45 GMT

Last time we looked at how the Whidbey version of CasPol uses a mutex to indicate the state of the security...

re: Whidbey's Security Off Model

shawnfa — Fri, 29 Apr 2005 17:07:06 GMT

Kevin -- correct, as of now, CasPol is the only shipping way to toggle the security switch.

Nicole -- if the information didn't make it to the MSDN docs that shipped with beta 2, then unfortunately it won't get doced until we RTM. No problem confirming what you see and filing bugs though :-)

-Shawn