You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Kevin Brown (JIRA)" <ji...@apache.org> on 2008/07/11 06:25:31 UTC

[jira] Commented: (SHINDIG-444) HttpCache is insecure for authenticated content

    [ https://issues.apache.org/jira/browse/SHINDIG-444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12612753#action_12612753 ] 

Kevin Brown commented on SHINDIG-444:
-------------------------------------

Arbitrary strings are good, though I'd be careful about using JSON since the standard json libraries don't guarantee key order (JSON.org uses a HashMap, so key order will definitely change).

What about 

<owner>:<viewer>:<url> ?

<owner> and <viewer> can be set to zero if sign_owner / sign_viewer are false.

I also think we need oauth in there too. Maybe url encoded format?

owner=<owner>&viewer=<viewer>&oauthService=<service>&url=<url>

I have an old patch on my machine that moved most of the signed fetch and oauth logic into HttpRequest, and HttpRequest was responsible for producing the key. Something like:

HttpRequest normalRequest = new HttpRequest(url);
HttpRequest signedRequest = new SignedHttpRequest(url, securityToken);
HttpRequest oauthRequest = new OAuthRequest(url, securityToken, oauthState);

and

String key = signedRequest.getCacheKey();

You could also just make the cache key HttpRequest, though I do prefer string keys in general

> HttpCache is insecure for authenticated content
> -----------------------------------------------
>
>                 Key: SHINDIG-444
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-444
>             Project: Shindig
>          Issue Type: Bug
>            Reporter: Brian Eaton
>
> Background: http://mail-archives.apache.org/mod_mbox/incubator-shindig-dev/200805.mbox/%3Cdaf5b9570805250922u1c9b76degd393ab181ecc39d8@mail.gmail.com%3E
> Fixing this requires changing the HttpCache and AbstractHttpCache interfaces.  I'd like to change them so that the keys are strings, and the values are HttpResponses.
> Users of the HttpCache interface will figure out cache keys by building up complex strings (maybe JSON?) describing the resource.  For example, a signed fetch might look like this:
>     { url: 'http://www.example.com', signed: true, owner: 'brian', viewer: null }
> An unsigned GET might look like this:
>     { url: 'http://www.example.com' }
> Whatever string format is used would need to serialize consistently to avoid spurious cache misses.  for example, something that randomly switches between { url: foo, data: bar } and { data: bar, url: foo } would be a problem.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.