PageSecurity.EnhanceClass is not thread safe
Opened this issue · 1 comments
joozek78 commented
PageSecurity.EnhanceClass is responsible for altering TypedJson schema of a view-model to include permission checking. Problems can now occur, because:
- Two threads access a view-model for the first time and they both enhance it at the same time, mangling their modifications
- Two threads access a view-model for the first time and one enhances it, while the other is using it
- There can be more problems
There should be locking in this method, but since it's on a path of every request a naive lock statement could hurt performance significantly.
miyconst commented
... altering TypedJson schema of a view-model to include permission checking.
I think, that this operation shall happen inside a lock and during application startup. Adding more and more checks per request will contribute to the overall app latency, while doing it once on app start will only affect app startup time.