Chart FX PSS
The Chart FX PSS (Performance, Scalability & Security) Add-On allows organizations to attend to crucial Performance, Scalability and Security issues when using the Chart FX in a web server environment. With Chart FX PSS you can expect a substantial increase in your Web server's throughput, commonly measured in requests per second and avoid security issues associated with generating and storing server side charts.
Chart FX PSS is basically a service that communicates with the Chart FX server component, delayed generation and security according to configured conditions. Chart FX PSS can be configured thought static configuration files, or dynamically through API.
Chart Delayed Generation
When page output is buffered, the server does not send a response to the client until all of the server scripts on the current page have been processed. For long scripts, this may cause a perceptible delay.
Chart FX PSS delay generation mechanism can significantly improve the performance of large web applications by making better use of the roundtrip time thus maximizing server processing time.
This mechanism allows the GetHtmlTag method to generate a tag that can be used by the browser and immediately return control to the page without waiting until the chart gets generated on the server. When the page output is buffered, this will result in a significant improvement on performance since server scripts will be processed faster without waiting until the Chart FX server controls generates, paints and stores the chart, and returns control so the rest of the script completes execution.
In essence, this mechanism of returning control immediately so the rest of the server script can continue running without further delay from the chart control allows for a better use of server idle time when data is traveling from the server to the clients.
At a later time, when the chart is requested by the browser, Chart FX PSS will automatically dispose it. Nevertheless, it can be configured to dispose of charts that have been generated but not requested by the client browser.
Security
When Chart is used in a web server, it is necessary to create a folder where it will store the temporary images generated by a GetHtmlData call. This folder must be part of the web server since it needs to be accessed from the client browsers. This process unveils two critical security issues:
First, while files remain in this directory, an “unauthorized user" may find ways to view and inspect charts that were generated by the Chart FX server component. Secondly, since this directory is used by the Chart FX server component as a general directory, it can't apply discretionary authentication information to files being generated by the server component. For example, charts with private data such as employee salary information may end up requiring authentication, but since it is stored on the same directory it will inherit the same security restrictions as the rest of the files in this folder. In most cases, this Temp directory is created with anonymous access which means all files can be accessed by virtually anyone.
These issues are minimized by the fact that each chart name is generated with a random seed that makes it impossible to detect.
Nevertheless, Chart FX PSS takes a safer approach and addresses both issues by avoiding generated chart files from being stored on disk as it was previously explained; and also, each chart can be signed with each user authentication and will be returned only to the user who initially requested the chart thus making Chart FX security as strong as the security policies imposed by your web server.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved