
Re: (ITS#4316) proxycache attrsets

Pierangelo Masarati wrote:
>>> Don't forget access control issues; I think by playing with attrsets they
>>> can be limited, e.g. by only caching public searches or so.  In any case,
>>> I'd leave the possibility to define attrsets.
>> I really don't see that allowing subsets of attrsets to work as desired
>> has any impact on the overall access control policies.
> I mean: remember that pcache suffers from the access control issue, i.e.
> caching depends on the identity that first issued a certain operation, so
> lookups of cached data may either return a subset of the requested data,
> which is bad, or, in case the proxy's ACLs do not comply with those of the
> remote server, even in a superset, which is even worse.  So searching all
> attrs by default sounds like risking further exposure of data in those
> cases.
Yes, but that is certainly a separate bug. E.g., regardless of 
superset/subset issues, if userA fills the cache with data, the pcache 
overlay will consider the query to be answerable regardless of who else 
asks. So if userB comes along with the identical query, pcache will try 
to answer locally even though the cached data may include or exclude 
information that userB should/not have received from the remote server. 
This problem is already a given, and will need to be dealt with totally 
on its own.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
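
The identity problem discussed in this message, as an added toy model that is not part of the original e-mail and is not OpenLDAP code: a query cache that treats a query as answerable regardless of who asks hands the second caller whatever the first caller was allowed to see. The entry, the ACL table, the user names and the identity-keyed contrast mode are all constructed assumptions for illustration; the thread itself proposes no fix.

```python
# Toy model (constructed); not OpenLDAP code. All names are hypothetical.
DN = "uid=alice,dc=example,dc=com"
REMOTE = {DN: {"cn": "Alice", "mail": "alice@example.com",
               "userPassword": "constructed-placeholder"}}
# Constructed remote-server ACL: attributes each bound identity may read.
REMOTE_ACL = {"userA": {"cn", "mail", "userPassword"}, "userB": {"cn"}}
QUERY = (DN, ("cn", "mail", "userPassword"))  # (base, requested attrs)


def remote_search(identity, query):
    """Result the remote server gives this identity, ACLs applied remotely."""
    base, attrs = query
    allowed = REMOTE_ACL.get(identity, set())
    entry = REMOTE.get(base, {})
    return {a: entry[a] for a in attrs if a in entry and a in allowed}


class CachingProxy:
    """Query cache in front of remote_search()."""

    def __init__(self, key_by_identity):
        self.key_by_identity = key_by_identity
        self.cache = {}

    def search(self, identity, query):
        # Shared mode: the query alone decides answerability, as in the message.
        # Assumed contrast mode: the bound identity is part of the cache key.
        key = (identity, query) if self.key_by_identity else query
        if key not in self.cache:
            self.cache[key] = remote_search(identity, query)
        return self.cache[key]


def second_caller_sees(key_by_identity, first, second):
    """Attributes `second` receives after `first` has filled the cache."""
    proxy = CachingProxy(key_by_identity)
    proxy.search(first, QUERY)
    return set(proxy.search(second, QUERY))


if __name__ == "__main__":
    for keyed in (False, True):
        for first, second in (("userA", "userB"), ("userB", "userA")):
            got = sorted(second_caller_sees(keyed, first, second))
            want = sorted(remote_search(second, QUERY))
            print(f"keyed={keyed} {first}->{second}: got {got}, remote gives {want}")
```

In shared mode the result depends only on who asked first, so the same query yields a superset for userB or a subset for userA relative to what the remote server would return to each.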