[Date Prev][Date Next]
Re: (ITS#4316) proxycache attrsets
Pierangelo Masarati wrote:
>>> Don't forget access control issues; I think by playing with attrsets
>>> can be limited, e.g. by only caching public searches or so. In any
>>> I'd leave the possibility to define attrsets.
>> I really don't see that allowing subsets of attrsets to work as desired
>> has any impact on the overall access control policies.
> I mean: remember that pcache suffers from the access control issue, i.e.
> caching depends on the identity that first issued a certain operation, so
> lookups of cached data may either return a subset of the requested data,
> which is bad, or, in case the proxy's ACLs do not comply with those of the
> remote server, even in a superset, which is even worse. So searching all
> attrs by default sounds like risking further exposure of data in those
Yes, but that is certainly a separate bug. E.g., regardless of
superset/subset issues, if userA fills the cache with data, the pcache
overlay will consider the query to be answerable regardless of who else
asks. So if userB comes along with the identical query, pcache will try
to answer locally even though the cached data may include or exclude
information that userB should/not have received from the remote server.
This problem is already a given, and will need to be dealt with totally
on its own.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/