> -----Original Message-----
> From: Dirk-Willem van Gulik
> Sent: Monday, February 11, 2008 13:12
> To: [email protected]
> Subject: Re: cache - cleaning up mod_memcache and making other caches their live easier
> 
> 
> On Feb 11, 2008, at 12:58 PM, Plüm, Rüdiger, VF-Group wrote:
> 
> > The contents of the cache are not protected by any means. So I do not
> > see a security issue here. Someone who has access to one cache entity
> > has access to all.
> 
> Agreed. But what I worry about is that you get some subtle interaction
> with some obscure header; which effectively is used by some site
> builder as implying certain access - or used, say, for ensuring that
> certain documents are only shown to, say, French people.
> 
> There is no doubt that this is 'wrong' on just about every level --  
> but given how careless some of the new web app frameworks are put to  

I agree that some web app frameworks might be careless, but the cache is
IMHO the wrong location to fix this kind of sloppiness. On the contrary
I think we must make clear explicitly that nothing in the cache is protected
from access. Keep in mind that none of the access / authz restrictions apply
to cached content. No deny from / require directive will be applied to cached
content once it is in the cache. It is open to *anyone*.
The only security issue we must take care of is to avoid cache poisoning.
This might be possible with the following kind of requests:

        GET / HTTP/1.0
        User-Agent: enMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
        Accept-Language:


        GET / HTTP/1.0
        User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
        Accept-Language: en

which may both have

        Vary: Accept-Language User-Agent

in their response. But as we create the key of

[old_key][header name][header value].... both requests result in different
cache keys (keys are hashes of the values below):

/Accept-LanguageUser-AgentenMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
/Accept-LanguageenUser-AgentMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

So I see no danger for cache poisoning here.


Regards

Rüdiger
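
The key construction described in the message above, as an added example that is not part of the original mail and is not httpd's own code: it builds the pre-hash string [old_key][header name][header value]... for the two requests shown and confirms they differ. The names `vary_key`, `header_value` and `sample_key` are hypothetical, and the hashing step is left out because the strings being hashed are what the message compares.

```c
#include <stdio.h>
#include <string.h>

#define UA "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"

struct header { const char *name, *value; };

/* The two requests from the message; request 0 moves "en" into User-Agent. */
static const struct header requests[2][2] = {
    { { "User-Agent", "en" UA }, { "Accept-Language", "" } },
    { { "User-Agent", UA },      { "Accept-Language", "en" } },
};
/* Header names from the response's Vary, in the order used for the key. */
static const char *const vary[] = { "Accept-Language", "User-Agent" };

/* Exact-case lookup (a simplification); a missing header counts as empty. */
static const char *header_value(const struct header *req, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(req[i].name, name) == 0)
            return req[i].value;
    return "";
}

/* Append [header name][header value] for each Vary entry to old_key.
 * Returns 0 on success, -1 if the result does not fit in out. */
int vary_key(char *out, size_t outlen, const char *old_key, const struct header *req, size_t nreq)
{
    int w = snprintf(out, outlen, "%s", old_key);
    if (w < 0 || (size_t)w >= outlen) return -1;
    size_t used = (size_t)w;
    for (size_t i = 0; i < sizeof vary / sizeof vary[0]; i++) {
        w = snprintf(out + used, outlen - used, "%s%s", vary[i], header_value(req, nreq, vary[i]));
        if (w < 0 || (size_t)w >= outlen - used) return -1;
        used += (size_t)w;
    }
    return 0;
}

/* Pre-hash key for sample request 0 or 1 (NULL on overflow). */
const char *sample_key(int which)
{
    static char buf[2][512];
    return vary_key(buf[which], sizeof buf[which], "/", requests[which], 2) == 0 ? buf[which] : NULL;
}

int main(void)
{
    printf("%s\n%s\n", sample_key(0), sample_key(1));
    return strcmp(sample_key(0), sample_key(1)) != 0 ? 0 : 1;
}
```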
