httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: cache - cleaning up mod_memcache and making other caches their live easier
Date Mon, 11 Feb 2008 12:12:09 GMT

On Feb 11, 2008, at 12:58 PM, Plüm, Rüdiger, VF-Group wrote:

> The contents of the cache is not protected by any means. So I do not
> see a security issue here. Somemone who has access to one cache entity
> has access to all.

Agreed. But what I worry about is that you get some subtle interaction  
with some obscure header;  which effectively is used by some site  
builder as implying certain access - or used, say, for ensuring that  
certain documents are only shown to, say, French people.

There is no doubt that this is 'wrong' on just about every level --  
but given how careless some of the new web app frameworks are put to  
use - seems an easy/cheap thing to fix. Just not sure how.

Dw.


Mime
View raw message