httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Degenhardt <...@mp3.com>
Subject Re: quick_handler hook is completely bogus.
Date Tue, 30 Jul 2002 19:55:14 GMT
I'm approaching this from a caching perspective, so when a module uses
quick_handler for non-caching mechanisms, my comments do not apply but
here's an option:

What if modules were required to set the Vary: header appropriately
and have mod_cache_* honor it?  This way, you're caching problem is
fixed for not only stuff that quick_handler screws up but for stuff
that any downstream proxy screws up.  If you're module absosmurfly has
to run on every request, do "Vary: *" and you're problem is solved.

-bmd

On Tue, Jul 30, 2002 at 12:40:56PM -0700, Ryan Bloom wrote:
> 
> I realize that this is a strong statement, but I believe that I can back
> it up.  My reasons for not liking this hook at all:
> 
> 1)  If I have a page that I have served and it gets put in the cache,
> then it will be served out of the quick_handler phase.  However, if I
> then add or modify a .htaccess file to deny access to that page, then my
> changes won't be honored until the page expires from the cache.  This is
> a security hole, because I don't know of anyway to invalidate cached
> pages.  (This one if from a conversation with wrowe).  [ I guess it
> might be possible to clear the cache with a graceful restart. ]
> 
> 2)  If I have a page that uses access checking to ensure that only
> certain people can request the page, the cache_filter will put it in the
> quick handler.  However, the page may not be allowed to people who will
> request it from the cache.  I may be wrong about this one, but I see how
> the cache disallows pages that require authentication.  I do not see how
> it can disallow caching of pages that require access_checking.
> 
> 3)  It isn't possible for a module author to circumvent the
> quick_handler phase.  If I write a module that doesn't want to allow the
> quick_handler phase, for security reasons, I can't enforce it.
> 
> While I understand that we are giving people a lot of rope and asking
> them to use it wisely, this phase gives too much rope, and invites
> people to hang themselves.
> 
> I believe that this hook should be removed, and all content should be
> served out of the handler phase.  If we are looking to remove some
> request phases, then we should make it possible to avoid individual
> phases when serving requests, not completely skip all of them.
> 
> Ryan
> 
> ----------------------------------------------
> Ryan Bloom
> rbb@covalent.net           rbb@apache.org
> 
> 

Mime
View raw message