httpd-dev mailing list archives

From Plüm, Rüdiger, VF-Group <ruediger.pl...@vodafone.com>
Subject Re: cache - cleaning up mod_memcache and making other caches their live easier
Date Mon, 11 Feb 2008 12:54:55 GMT
 

> -----Original Message-----
> From: Dirk-Willem van Gulik
> Sent: Monday, 11 February 2008 13:12
> To: dev@httpd.apache.org
> Subject: Re: cache - cleaning up mod_memcache and making other caches their live easier
> 
> 
> On Feb 11, 2008, at 12:58 PM, Plüm, Rüdiger, VF-Group wrote:
> 
> > The contents of the cache is not protected by any means. So I do not
> > see a security issue here. Someone who has access to one cache entity
> > has access to all.
> 
> Agreed. But what I worry about is that you get some subtle interaction
> with some obscure header; which effectively is used by some site
> builder as implying certain access - or used, say, for ensuring that
> certain documents are only shown to, say, French people.
>
> There is no doubt that this is 'wrong' on just about every level --
> but given how careless some of the new web app frameworks are put to

I agree that some web app frameworks might be careless, but the cache is
IMHO the wrong location to fix this kind of sloppiness. On the contrary
I think we must make clear explicitly that nothing in the cache is protected
from access. Keep in mind that none of the access / authz restrictions apply
to cached content. No deny from / require directive will be applied to cached
content once it is in the cache. It is open to *anyone*.
The only security issue we must take care of is to avoid cache poisoning.
This might be possible with the following kind of requests:

    GET / HTTP/1.0
    User-Agent: enMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
    Accept-Language:

    GET / HTTP/1.0
    User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv: 1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
    Accept-Language: en

which may both have

    Vary: Accept-Language User-Agent

in their response. But as we create the key as

[old_key][header name][header value].... both requests result in different cache keys (keys are hashes of the values below):

    /Accept-LanguageUser-AgentenMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
    /Accept-LanguageenUser-AgentMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

So I see no danger for cache poisoning here.


Regards

Rüdiger
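The cache-key construction discussed in the message, worked through as an added example (editor's code, not part of the original mail and not httpd's mod_cache implementation). It builds the pre-hash key string for the two requests from the message in three ways: appending only the Vary'd header values, the [old_key][header name][header value] interleaving described above, and a length-prefixed field encoding. The hash function (SHA-256), the `X-A`/`X-B` header names and their values are assumptions constructed for the example; the Accept-Language and User-Agent values are the ones quoted in the message. The length-prefixed variant goes beyond the message: it shows the conventional way to make a key built from several variable-length fields unambiguous no matter what the header values contain.

```python
# Added example, not httpd code: three ways of turning the headers named in a
# response's Vary header into a cache-key string, applied to the two requests
# from the message.  The cache stores entries under a hash of that string; the
# functions return the pre-hash string so the comparison stays visible.
import hashlib

# Header names listed in the response's Vary header, in Vary order.
VARY = ["Accept-Language", "User-Agent"]

# The two request header sets from the message: the first has an empty
# Accept-Language and a User-Agent that begins with "en", the second moves
# the "en" into Accept-Language.
UA = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) "
      "Gecko/20070515 Firefox/2.0.0.4")
REQUEST_1 = {"Accept-Language": "", "User-Agent": "en" + UA}
REQUEST_2 = {"Accept-Language": "en", "User-Agent": UA}


def values_only_key(old_key, vary, headers):
    """Append only the header values.  Two requests collide whenever their
    values concatenate to the same string, as the pair above does."""
    return old_key + "".join(headers.get(name, "") for name in vary)


def interleaved_key(old_key, vary, headers):
    """[old_key][header name][header value]... as described in the message.
    The header name sitting between the values keeps the two requests apart."""
    return old_key + "".join(name + headers.get(name, "") for name in vary)


def length_prefixed_key(old_key, vary, headers):
    """Length-prefix every field so the encoding is unambiguous for any header
    values, including values that happen to contain another header's name."""
    def field(s):
        return f"{len(s)}:{s}"
    return old_key + "".join(field(name) + field(headers.get(name, ""))
                             for name in vary)


def cache_key(keyfunc, old_key, vary, headers):
    """The value the cache would store under: a hash of the key string.
    SHA-256 is an assumption standing in for whatever the cache uses."""
    key = keyfunc(old_key, vary, headers)
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def collides(keyfunc, old_key, vary, a, b):
    """True if two different request header sets map to the same cache key."""
    return (a != b and
            cache_key(keyfunc, old_key, vary, a) == cache_key(keyfunc, old_key, vary, b))


# Constructed, hypothetical header names and values (not from the message)
# showing the limit of delimiter-free interleaving: a value that contains the
# next header's name can still yield the same string.  Length prefixes keep
# these apart because every field carries its own length.
HYPO_VARY = ["X-A", "X-B"]
HYPO_1 = {"X-A": "vX-B", "X-B": ""}
HYPO_2 = {"X-A": "v", "X-B": "X-B"}

if __name__ == "__main__":
    for label, fn in [("values only", values_only_key),
                      ("interleaved", interleaved_key),
                      ("length prefixed", length_prefixed_key)]:
        print(f"{label:16} message pair collides: "
              f"{collides(fn, '/', VARY, REQUEST_1, REQUEST_2)!s:5}  "
              f"hypothetical pair collides: "
              f"{collides(fn, '/', HYPO_VARY, HYPO_1, HYPO_2)}")
```

Running the block prints one line per scheme: the values-only key collides on the message's pair, the interleaved key does not (its two strings are exactly the two listed in the message), and the length-prefixed key collides on neither pair.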

