[Pgpool-hackers] query cache specification: possible security issue

Anssi Kääriäinen anssi.kaariainen at thl.fi
Thu Jun 23 07:28:47 UTC 2011


On 06/22/2011 01:11 AM, Tatsuo Ishii wrote:
> IMO because pgpool executes query in the same search_path, it's no
> problem as long as the user does not change search_path dynamically.
>
> If the user changes search_path dynamically, we could use
> md5(username+search_path+query_string+database_name). Of course this
> requires an additional database inquiry on search_path. Do we need this?
I think this is just a documentation issue.

For possible security issues: shouldn't there be a secret value in the 
key? Maybe this is a bit theoretical, but: MD5 isn't too strong, so if 
one knows the username, database_name and query_string of a privileged 
query, it is probably possible to create a collision using a query like:
select * from test where val = 'cause collision using this text';

If there is a secret value in the key, causing a collision is not 
possible as the attacker does not know the MD5 of the cache key.

  - Anssi

> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese: http://www.sraoss.co.jp
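
Added example (not part of the original message and not pgpool code): a sketch of the keyed cache key suggested above, using HMAC-SHA256 with a per-instance secret in place of bare MD5. It also length-prefixes the fields, which goes slightly beyond the thread; the function names, `CACHE_SECRET` and the sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-instance secret generated at startup and never sent to clients.
CACHE_SECRET = secrets.token_bytes(32)


def _encode_fields(*fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = bytearray()
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def unkeyed_cache_key(username, search_path, query, database):
    """Scheme from the thread: md5(username+search_path+query_string+database_name)."""
    data = (username + search_path + query + database).encode("utf-8")
    return hashlib.md5(data).hexdigest()


def keyed_cache_key(secret, username, search_path, query, database):
    """HMAC-SHA256 over the same fields, keyed with a value clients never see."""
    msg = _encode_fields(username, search_path, query, database)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def demo():
    # Constructed sample inputs.
    fields = ("app_admin", "public", "select * from accounts", "prod")
    # Anyone who knows the four inputs can recompute the unkeyed key offline.
    recomputed = hashlib.md5("".join(fields).encode("utf-8")).hexdigest()
    # Without the secret, the same knowledge gives a value that does not match.
    guess = keyed_cache_key(b"\x00" * 32, *fields)
    real = keyed_cache_key(CACHE_SECRET, *fields)
    # Plain concatenation lets a field boundary shift between two users.
    a = ("bob", "public", "select 1", "db")
    b = ("bobpub", "lic", "select 1", "db")
    return {
        "unkeyed_predictable": recomputed == unkeyed_cache_key(*fields),
        "keyed_predictable": hmac.compare_digest(guess, real),
        "unkeyed_boundary_clash": unkeyed_cache_key(*a) == unkeyed_cache_key(*b),
        "keyed_boundary_clash": keyed_cache_key(CACHE_SECRET, *a)
        == keyed_cache_key(CACHE_SECRET, *b),
    }


if __name__ == "__main__":
    print(demo())
```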