02-10-2021, 10:52 PM
Hi Stam,
cdb_auth() costs a bit more than expected because it is doing a fair amount of work under the hood.
1. It generates a connection with your region and requests a nonse value. This model is designed to prevent middle-man attacks. (Cloud call - trip one)
2. The nonce value that is received by the client is then sent back to the region to authenticate the client. (Receive cloud call - trip two) (Cloud call - trip three)
3. After the region agrees that you are who you say you are, it then generates and API key. The parts of the region that your data touches is updated with the new API key.
4. The API key is then sent back to the client. (Receive cloud call - trip four)
A total of four trips back and forth are required to secure your connection.
The value of doing all of this is big. The authentication is more secure than not having the middle-man attack check. Also, you do not need to worry about the API key because it is managed for you during that session. There is not much weight from that point forward as it relates to transaction cost.
Your ping values are good. The inflight time is reasonable from the values you posted. At this time, this is the cost for security. Luckily, you do not have to do this for the entire session you are using your app.
I hope this helps explain the whys of it.
-Mark
cdb_auth() costs a bit more than expected because it is doing a fair amount of work under the hood.
1. It generates a connection with your region and requests a nonse value. This model is designed to prevent middle-man attacks. (Cloud call - trip one)
2. The nonce value that is received by the client is then sent back to the region to authenticate the client. (Receive cloud call - trip two) (Cloud call - trip three)
3. After the region agrees that you are who you say you are, it then generates and API key. The parts of the region that your data touches is updated with the new API key.
4. The API key is then sent back to the client. (Receive cloud call - trip four)
A total of four trips back and forth are required to secure your connection.
The value of doing all of this is big. The authentication is more secure than not having the middle-man attack check. Also, you do not need to worry about the API key because it is managed for you during that session. There is not much weight from that point forward as it relates to transaction cost.
Your ping values are good. The inflight time is reasonable from the values you posted. At this time, this is the cost for security. Luckily, you do not have to do this for the entire session you are using your app.
I hope this helps explain the whys of it.
-Mark