The Price of Security: A Performance Study of Web Application Security

Web applications can be accessed by people from around the world, so security is usually one of the main concerns. Web application security can be implemented at several levels, namely, the URL level, the service level, and the object level. In this paper, the authors evaluate the impact of different levels of security on latency and throughput using a real world course management system. The authors' study shows that both URL and service security are very efficient, but security at the object level incurs significant overhead even with extensive object caching.