[GitHub] chetanmeh commented on issue #4104: Cache empty auth results to reduce db load
chetanmeh commented on issue #4104: Cache empty auth results to reduce db load URL: https://github.com/apache/incubator-openwhisk/pull/4104#issuecomment-438795814 @rabbah @markusthoemmes can you review cache changes once This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] chetanmeh commented on issue #4104: Cache empty auth results to reduce db load
chetanmeh commented on issue #4104: Cache empty auth results to reduce db load URL: https://github.com/apache/incubator-openwhisk/pull/4104#issuecomment-437758971 > I have now limited the auth cache hard to 10 entries. Worth to be configurable ? @mhenke1 Should be fine to leave it specified in code for now This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] chetanmeh commented on issue #4104: Cache empty auth results to reduce db load
chetanmeh commented on issue #4104: Cache empty auth results to reduce db load URL: https://github.com/apache/incubator-openwhisk/pull/4104#issuecomment-437053186 @markusthoemmes All caches are currently configured with `softValues` thereby the entries are evicted (apart from expiry) on the basis of jvm garbage collection. Now if an attacker is given a way to add entry to one of the cache in arbitrary manner then it can possibly be abused to add lots of entries in Identity cache. This would put pressure on heap and would possibly trigger evictions of valid data in all other caches also. If we use a bounded cache in terms of entry count then only identity cache would be impacted but other caches would not get impacted. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] chetanmeh commented on issue #4104: Cache empty auth results to reduce db load
chetanmeh commented on issue #4104: Cache empty auth results to reduce db load URL: https://github.com/apache/incubator-openwhisk/pull/4104#issuecomment-437044918 Caching such negative lookups may be abused to put lots of of entries in cache and put pressure on heap (causing eviction of valid entries) given our caches are not bounded by size. May be use a separate bounded cache for such entries. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services