Changeset 2523


Timestamp:
27/12/13 02:30:29 (6 years ago)
Author:
mnot@…
Message:

Reword security considerations around cache poisoning; see #535.

File:
1 edited

  • draft-ietf-httpbis/latest/p6-cache.xml

    r2522 r2523  
    5555  <!ENTITY status.2xx                  "<xref target='Part2' x:rel='#status.2xx' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    5656  <!ENTITY transformations             "<xref target='Part1' x:rel='#message.transformations' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
     57  <!ENTITY body.length                 "<xref target='Part1' x:rel='#message.body.lenth' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    5758]>
    5859<?rfc toc="yes" ?>
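
Review bot: the x:rel fragment in the added body.length entity (new line 57) reads '#message.body.lenth', which looks like a misspelling of "length" given that the entity itself is named body.length. The new cache poisoning paragraph points readers to &body.length; for the message parsing requirements, so a fragment that does not match the anchor in Part1 would leave that security cross-reference dangling. Please check the anchor name in Part1 and correct the fragment to match.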
     
    21652166</t>
    21662167<t>
     2168   In particular, various attacks might be amplified by being stored in a
     2169   shared cache; such "cache poisoning" attacks use the cache to distribute a
     2170   malicious payload to many clients, and are especially effective when an
     2171   attacker can use implmentation flaws, elevated priviledges or other
     2172   techniques to insert such a response into a cache. One common attack vector
     2173   for cache poisoning is to exploit differences in message parsing on proxies
     2174   and in user agents; see &body.length; for the relevant requirements.
     2175</t>
     2176<t>
     2177   Likewise, implementation flaws (as well as misunderstanding of cache
     2178   operation) might lead to caching of sensitive information (e.g.,
     2179   authentication credentials) that is thought to be private, exposing it to
     2180   unauthorized parties.
     2181</t>
     2182<t>
    21672183   Furthermore, the very use of a cache can bring about privacy concerns. For
    21682184   example, if two users share a cache, and the first one browses to a site,
    21692185   the second may be able to detect that the other has been to that site,
    21702186   because the resources from it load more quickly, thanks to the cache.
    2171 </t>
    2172 <t>
    2173    Implementation flaws might allow attackers to insert content into a cache
    2174    ("cache poisoning"), leading to compromise of clients that trust that
    2175    content. Because of their nature, these attacks are difficult to mitigate.
    2176 </t>
    2177 <t>
    2178    Likewise, implementation flaws (as well as misunderstanding of cache
    2179    operation) might lead to caching of sensitive information (e.g.,
    2180    authentication credentials) that is thought to be private, exposing it to
    2181    unauthorized parties.
    21822187</t>
    21832188<t>
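
Review bot: the added paragraph misspells two words on new line 2171, "implmentation" and "priviledges" (should be "implementation" and "privileges"); these will end up in the published Security Considerations text. Two smaller wording points in the same paragraph: "various attacks might be amplified by being stored in a shared cache" reads as if the attack itself is stored, where "malicious responses" or "attack payloads" would be more precise, and "on proxies and in user agents" could be "between proxies and user agents" to make clear that it is the disagreement between the two parsers that matters. The removed sentence "Because of their nature, these attacks are difficult to mitigate" has no replacement apart from the pointer to &body.length;, so it is worth confirming that the referenced section states the requirements a cache implementer needs.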