Wildcards and Performance Optimization

The security server is a powerful module that provides real-time security for all of the GENESIS64 client applications. The security settings are applied with different levels of access. It is possible, for example, to deny the access to a whole display or to a single tag embedded in it. Many of the operations performed from the GENESIS64 client applications require a security check in order to be performed.

 

For example, a process point can be visualized in GraphWorX64 only if the security check for it succeeds. The security check can involve a several-string comparison operation in order to grant or deny access to a specific resource. Thus, before displaying (for example) a process point in GraphWorX64, the application is required to check if the process point is in a tag exclude list for the user's account. The application is also required to see if the process point belongs to a critical point list. All of these checks are performed through a string comparison between the requested resource name and the lists of restricted resources (e.g., the excluded tag). (Include and exclude lists are described in Security Privileges for Users and Groups.)

Optimize Using Wildcards

Real-time update means comparing the requested resource with the list of denied resources each time a resource is requested. The whole list of denied resources must be reviewed to find out if the requested resources match one of them.

 

Note: The ICONICS Security Server performs all of these security checks each time a tag is requested. Access to a tag could be granted now and denied a fraction of a second later if security privileges have changed.

 

So the speed is inversely proportional to the number of strings that appear in your denied resource list (i.e., more strings means that more comparisons are needed; therefore the longer it takes). All you have to do to optimize the performance of you application is keep this in mind and use as many wildcard characters as possible.

 

For example, suppose that you want to declare all the tags in the DiskIO branch of the ICONICS OPC Simulator tree as a "critical point." You will have to add to the critical point list 50 different tags:

ICONICS .Simulator.1\DiskIO.D01

ICONICS .Simulator.1\DiskIO.D02

....

ICONICS .Simulator.1\DiskIO.D25

ICONICS .Simulator.1\DiskIO.R01

ICONICS .Simulator.1\DiskIO.R02

....

ICONICS .Simulator.1\DiskIO.R25

 

But instead of doing this you could simply add the following critical point using a wildcard character:

ICONICS .Simulator.1\DiskIO.*

 

In this way the Security Server will have to compare the resource requested from the client with one string instead of 50 different strings. Thus, it will run faster and you will see your data updated quickly.

Wildcards and Pattern Matching

The entries in the include and exclude lists allow pattern matching similar to a Visual Basic LIKE operator. Built-in pattern matching provides a versatile tool for string comparisons. The pattern-matching features allow you to use wildcard characters, character lists, or character ranges, in any combination, to match strings.

 

Text results in string comparisons are based on a case-insensitive textual sort order determined by your system's locale, for example:

(A=a) < (À=à) < (B=b) < (E=e) < (Ê=ê) < ( Z=z) < ( Ø=ø)

 

The following table lists the characters allowed in patterns and what they match.

 

Characters in pattern

Matches in String

?

Any single character

*

Zero or more characters

 

See Also:

Security Overview

Security Privileges for Users and Groups

GENESIS64 Security - Quick Start