[Pgpool-hackers] query cache specification: possible security issue
Tatsuo Ishii
ishii at sraoss.co.jp
Tue Jun 21 02:04:00 UTC 2011
Hi,

While checking GSoC query cache project specification, I noticed that
there's a possible security issue with it. Currently the query cache key
is md5(query_string+database_name). Suppose user A has a table
"my_secret_table" whose result is only accessible by A. A issues
the following query and the result is cached.

    SELECT * FROM my_secret_table;

Afterward user B issues the same query and the query cache system happily
returns the result of the query. So user B can access table A which
he has no right to access.

To solve the problem we can check the system catalog, but this is not
cheap.

My proposal is using key md5(username+query_string+database_name) as
cache key. One drawback is even if a table is accessible by user A and
B, they cannot share the query cache.

Comments?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
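
The two cache keys discussed in the message above, modelled as an added example that is not part of the original post or of pgpool-II's code. The backend, table names, users, database name "testdb" and the QueryCache class are hypothetical stand-ins constructed for illustration.

```python
import hashlib

# Constructed backend: table -> (rows, users allowed to SELECT from it).
TABLES = {
    "my_secret_table": ([("s3cret",)], {"A"}),
    "shared_table": ([("public",)], {"A", "B"}),
}

def backend_select(user, table):
    """Stand-in for PostgreSQL: privileges are enforced on every call."""
    rows, allowed = TABLES[table]
    if user not in allowed:
        raise PermissionError(f"permission denied for {table}")
    return rows

def key_original(user, query, db):
    # Key from the specification: md5(query_string + database_name)
    return hashlib.md5((query + db).encode()).hexdigest()

def key_proposed(user, query, db):
    # Key proposed in the post: md5(username + query_string + database_name)
    return hashlib.md5((user + query + db).encode()).hexdigest()

class QueryCache:
    def __init__(self, key_func):
        self.key_func = key_func
        self.store = {}

    def select_all(self, user, table, db="testdb"):
        query = f"SELECT * FROM {table};"
        key = self.key_func(user, query, db)
        if key in self.store:
            # Cache hit: the backend, and its privilege check, is never reached.
            return self.store[key], "hit"
        rows = backend_select(user, table)
        self.store[key] = rows
        return rows, "miss"

def run(key_func):
    """A caches both tables, then B repeats the same queries."""
    cache = QueryCache(key_func)
    cache.select_all("A", "my_secret_table")
    try:
        b_secret = cache.select_all("B", "my_secret_table")
    except PermissionError:
        b_secret = None
    cache.select_all("A", "shared_table")
    b_shared = cache.select_all("B", "shared_table")[1]
    return b_secret, b_shared, len(cache.store)
```

With key_original, B's query on my_secret_table is served from A's cached entry. With key_proposed, B misses the cache and the backend denies the query, while the shared table is cached once per user, which is the drawback named in the message.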