[Pgpool-hackers] query cache specification: possible security issue

Anssi Kääriäinen anssi.kaariainen at thl.fi
Thu Jun 23 07:42:21 UTC 2011


On 06/23/2011 10:16 AM, Tatsuo Ishii wrote:
>> I think this is just a documentation issue.
>>
>> For possible security issues: shouldn't there be a secret value in the
>> key? Maybe this is a bit theoretical, but: MD5 isn't too strong, so if
>> one knows the username, database_name and query_string of a privileged
>> query, it is probably possible to create a collision using a query
>> like:
>> select * from test where val = 'cause collision using this text';
>>
>> If there is a secret value in the key, causing a collision is not
>> possible as the attacker does not know the MD5 of the cache key.
> What about verifying username? I mean:
>
> 1) Cache key is md5(username+query_string+database_name). Also we keep
>     username in the cached data.
>
> 2) If cached query found, extract username from the cache data. Make
>     sure that current username = the extracted username.
Your idea is better. This way there is no need to have a secret key in 
the config file.

  - Anssi
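
The two-step check proposed in the quoted reply, sketched as an added example (not part of the original message and not pgpool code). `QueryCache`, `md5_key` and `colliding_key` are hypothetical names, and the collision is simulated with a constructed key function that maps every input to the same key.

```python
import hashlib
from typing import Callable, Dict, List, Optional, Tuple


def md5_key(username: str, query: str, database: str) -> str:
    # Key layout from the thread: md5(username + query_string + database_name)
    return hashlib.md5((username + query + database).encode()).hexdigest()


def colliding_key(username: str, query: str, database: str) -> str:
    # Constructed stand-in for an MD5 collision: every input gets the same key
    return "same-key"


class QueryCache:
    """Hypothetical in-memory cache used only for this illustration."""

    def __init__(self, key_fn: Callable[[str, str, str], str] = md5_key):
        self._key_fn = key_fn
        self._entries: Dict[str, Tuple[str, List[str]]] = {}

    def store(self, username: str, query: str, database: str,
              result: List[str]) -> None:
        # Step 1: keep the username in the cached data next to the result
        key = self._key_fn(username, query, database)
        self._entries[key] = (username, result)

    def lookup(self, username: str, query: str,
               database: str) -> Optional[List[str]]:
        entry = self._entries.get(self._key_fn(username, query, database))
        if entry is None:
            return None
        owner, result = entry
        # Step 2: a hit counts only if the stored username is the current one
        if owner != username:
            return None
        return result


def demo() -> Tuple[Optional[List[str]], Optional[List[str]]]:
    cache = QueryCache(key_fn=colliding_key)
    # Constructed sample data: a privileged user's cached result
    cache.store("admin", "select * from salaries", "hr", ["row1"])
    # A different user whose key collides gets a miss, not admin's rows
    other = cache.lookup("guest", "select * from test where val = 'x'", "hr")
    owner = cache.lookup("admin", "select * from salaries", "hr")
    return other, owner
```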

